CVE-2013-0166

Published: 08/02/2013 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

OpenSSL prior to 0.9.8y, 1.0.0 prior to 1.0.0k, and 1.0.1 prior to 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

Vulnerable Products

openssl openssl 0.9.7
openssl openssl 0.9.5a
openssl openssl 0.9.8b
openssl openssl 0.9.7l
openssl openssl 0.9.6i
openssl openssl 0.9.8m
openssl openssl 0.9.3
openssl openssl 0.9.8c
openssl openssl 1.0.0c
openssl openssl 1.0.0i
openssl openssl 0.9.7c
openssl openssl 0.9.5
openssl openssl 0.9.8n
openssl openssl 0.9.8p
openssl openssl 0.9.6d
openssl openssl 0.9.1c
openssl openssl 0.9.6
openssl openssl 1.0.1c
openssl openssl 0.9.7j
openssl openssl 0.9.6a
openssl openssl 0.9.8e
openssl openssl 0.9.8u
redhat openssl 0.9.6-15
openssl openssl 0.9.4
openssl openssl 0.9.8g
openssl openssl 1.0.0h
openssl openssl 0.9.8k
openssl openssl 0.9.8d
openssl openssl 1.0.0e
openssl openssl 1.0.0f
openssl openssl 0.9.6f
openssl openssl 0.9.8j
openssl openssl 0.9.6l
openssl openssl 1.0.0d
openssl openssl 0.9.7k
openssl openssl 1.0.0j
openssl openssl 0.9.8s
openssl openssl 0.9.7g
openssl openssl 1.0.1a
openssl openssl 0.9.6e
openssl openssl 0.9.7d
openssl openssl 0.9.8l
openssl openssl 0.9.6b
openssl openssl 0.9.7e
openssl openssl 0.9.7b
openssl openssl 0.9.8r
openssl openssl 0.9.8t
openssl openssl 0.9.6k
openssl openssl 0.9.8a
openssl openssl 0.9.6g
openssl openssl 0.9.7m
openssl openssl 0.9.3a
openssl openssl 0.9.6h
openssl openssl 1.0.0
openssl openssl 1.0.1b
openssl openssl 0.9.7i
openssl openssl 0.9.7h
openssl openssl 0.9.8o
openssl openssl 0.9.8q
openssl openssl 0.9.8w
redhat openssl 0.9.6b-3
openssl openssl 0.9.6j
openssl openssl 0.9.8
openssl openssl 0.9.7a
openssl openssl 0.9.6c
openssl openssl 0.9.6m
openssl openssl 0.9.8v
openssl openssl 0.9.8i
openssl openssl 0.9.8f
openssl openssl 1.0.0a
openssl openssl 0.9.8h
openssl openssl 0.9.8x
openssl openssl 0.9.2b
openssl openssl 1.0.0b
openssl openssl 1.0.1
openssl openssl 1.0.0g
redhat openssl 0.9.7a-2
openssl openssl 0.9.7f

Vendor Advisories

Synopsis: Moderate: openssl security update. Type/Severity: Security Advisory: Moderate. Topic: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulne ...
Synopsis: Important: rhev-hypervisor6 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impac ...
Debian Bug report logs - #699889: several issues in Security Advisory, 5 Feb 2013. Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon). Reported by: Thijs Kinkhorst <thijs@debian.org>. Date: Wed, 6 Feb 2013 11 ...
Several security issues were fixed in OpenSSL ...
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166: OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key. CVE-2013-0169: A timing side ...
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle (CVE-2013-0169). A NULL pointer dereference ...

Github Repositories

rt-n56u: ASUS RT-N11P/N14U/N56U/N65U/AC51U/AC54U/AC1200HP custom firmware 3X39-095 by Padavan. Project sources: git clone code.google.com/p/rt-n56u/ ; Git HTTP frontend: code.google.com/p/rt-n56u/source/list . ATTENTION: After the first upgrade from official firmware, all settings will be erased. Do not load settings (CFG fil

References

CWE-310
http://www.openssl.org/news/secadv_20130204.txt
https://bugzilla.redhat.com/show_bug.cgi?id=908052
http://www.debian.org/security/2013/dsa-2621
http://rhn.redhat.com/errata/RHSA-2013-0587.html
http://rhn.redhat.com/errata/RHSA-2013-0783.html
http://marc.info/?l=bugtraq&m=136396549913849&w=2
http://rhn.redhat.com/errata/RHSA-2013-0782.html
http://www.kb.cert.org/vuls/id/737740
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://support.apple.com/kb/HT5880
http://secunia.com/advisories/55139
http://secunia.com/advisories/55108
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://marc.info/?l=bugtraq&m=137545771702053&w=2
http://www.splunk.com/view/SP-CAAAHXG
http://secunia.com/advisories/53623
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://marc.info/?l=bugtraq&m=136432043316835&w=2
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
https://access.redhat.com/errata/RHSA-2013:0587
https://usn.ubuntu.com/1732-1/
https://nvd.nist.gov
https://www.kb.cert.org/vuls/id/737740