OpenSSL 0.9.7 prior to 0.9.7l, 0.9.8 prior to 0.9.8d, and previous versions versions allows malicious users to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
openssl openssl 0.9.7a |
||
openssl openssl 0.9.7b |
||
openssl openssl 0.9.7i |
||
openssl openssl 0.9.7j |
||
openssl openssl 0.9.7c |
||
openssl openssl 0.9.7d |
||
openssl openssl 0.9.7k |
||
openssl openssl 0.9.8 |
||
openssl openssl 0.9.6h |
||
openssl openssl 0.9.6c |
||
openssl openssl 0.9.6b |
||
openssl openssl 0.9.6a |
||
openssl openssl 0.9.7e |
||
openssl openssl 0.9.7f |
||
openssl openssl 0.9.8a |
||
openssl openssl 0.9.8b |
||
openssl openssl 0.9.8c |
||
openssl openssl 0.9.6e |
||
openssl openssl 0.9.6d |
||
openssl openssl 0.9.5a |
||
openssl openssl 0.9.3a |
||
openssl openssl 0.9.6f |
||
openssl openssl 0.9.6i |
||
openssl openssl 0.9.6l |
||
openssl openssl 0.9.6 |
||
openssl openssl 0.9.5 |
||
openssl openssl 0.9.3 |
||
openssl openssl 0.9.2b |
||
openssl openssl 0.9.1c |
||
openssl openssl 0.9.7 |
||
openssl openssl 0.9.7g |
||
openssl openssl 0.9.7h |
||
openssl openssl 0.9.6m |
||
openssl openssl 0.9.6g |
||
openssl openssl 0.9.6k |
||
openssl openssl 0.9.6j |
||
openssl openssl 0.9.4 |
Vulmon