Vulnerabilites related to redhat - openssl
Vulnerability from fkie_nvd
Published
2012-04-19 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
References
secalert@redhat.comhttp://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.htmlExploit
secalert@redhat.comhttp://cvs.openssl.org/chngview?cn=22431
secalert@redhat.comhttp://cvs.openssl.org/chngview?cn=22434
secalert@redhat.comhttp://cvs.openssl.org/chngview?cn=22439
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=133728068926468&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=133728068926468&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=133951357207000&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=133951357207000&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=134039053214295&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=134039053214295&w=2
secalert@redhat.comhttp://osvdb.org/81223
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0518.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0522.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1306.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1307.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1308.html
secalert@redhat.comhttp://secunia.com/advisories/48847
secalert@redhat.comhttp://secunia.com/advisories/48895
secalert@redhat.comhttp://secunia.com/advisories/48899
secalert@redhat.comhttp://secunia.com/advisories/48942
secalert@redhat.comhttp://secunia.com/advisories/48999
secalert@redhat.comhttp://secunia.com/advisories/57353
secalert@redhat.comhttp://support.apple.com/kb/HT5784
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
secalert@redhat.comhttp://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2454
secalert@redhat.comhttp://www.exploit-db.com/exploits/18756
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:060
secalert@redhat.comhttp://www.openssl.org/news/secadv_20120419.txtVendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/53158
secalert@redhat.comhttp://www.securitytracker.com/id?1026957
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1424-1
secalert@redhat.comhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
secalert@redhat.comhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
secalert@redhat.comhttps://kb.juniper.net/KB27376
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://cvs.openssl.org/chngview?cn=22431
af854a3a-2127-422b-91ae-364da2661108http://cvs.openssl.org/chngview?cn=22434
af854a3a-2127-422b-91ae-364da2661108http://cvs.openssl.org/chngview?cn=22439
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133728068926468&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133728068926468&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133951357207000&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133951357207000&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134039053214295&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134039053214295&w=2
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/81223
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0518.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0522.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1306.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1307.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1308.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48847
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48895
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48899
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48942
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48999
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57353
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5784
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
af854a3a-2127-422b-91ae-364da2661108http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2454
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/18756
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
af854a3a-2127-422b-91ae-364da2661108http://www.openssl.org/news/secadv_20120419.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53158
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026957
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1424-1
af854a3a-2127-422b-91ae-364da2661108https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
af854a3a-2127-422b-91ae-364da2661108https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
af854a3a-2127-422b-91ae-364da2661108https://kb.juniper.net/KB27376
Impacted products
Vendor Product Version
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0a
openssl openssl 1.0.0b
openssl openssl 1.0.0c
openssl openssl 1.0.0d
openssl openssl 1.0.0e
openssl openssl 1.0.0g
openssl openssl *
openssl openssl 0.9.1c
openssl openssl 0.9.2b
openssl openssl 0.9.3
openssl openssl 0.9.3a
openssl openssl 0.9.4
openssl openssl 0.9.5
openssl openssl 0.9.5
openssl openssl 0.9.5
openssl openssl 0.9.5a
openssl openssl 0.9.5a
openssl openssl 0.9.5a
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6b
openssl openssl 0.9.6c
openssl openssl 0.9.6d
openssl openssl 0.9.6e
openssl openssl 0.9.6f
openssl openssl 0.9.6g
openssl openssl 0.9.6h
openssl openssl 0.9.6i
openssl openssl 0.9.6j
openssl openssl 0.9.6k
openssl openssl 0.9.6l
openssl openssl 0.9.6m
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7a
openssl openssl 0.9.7b
openssl openssl 0.9.7c
openssl openssl 0.9.7d
openssl openssl 0.9.7e
openssl openssl 0.9.7f
openssl openssl 0.9.7g
openssl openssl 0.9.7h
openssl openssl 0.9.7i
openssl openssl 0.9.7j
openssl openssl 0.9.7k
openssl openssl 0.9.7l
openssl openssl 0.9.7m
openssl openssl 0.9.8
openssl openssl 0.9.8a
openssl openssl 0.9.8b
openssl openssl 0.9.8c
openssl openssl 0.9.8d
openssl openssl 0.9.8e
openssl openssl 0.9.8f
openssl openssl 0.9.8g
openssl openssl 0.9.8h
openssl openssl 0.9.8i
openssl openssl 0.9.8j
openssl openssl 0.9.8k
openssl openssl 0.9.8l
openssl openssl 0.9.8m
openssl openssl 0.9.8m
openssl openssl 0.9.8n
openssl openssl 0.9.8o
openssl openssl 0.9.8p
openssl openssl 0.9.8q
openssl openssl 0.9.8r
openssl openssl 0.9.8s
openssl openssl 0.9.8t
redhat openssl 0.9.6-15
redhat openssl 0.9.6b-3
redhat openssl 0.9.7a-2
openssl openssl 1.0.1
openssl openssl 1.0.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "F02E634E-1E3D-4E44-BADA-76F92483A732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2B07A-49EF-411F-8A4D-89435E22B043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "7E9480D6-3B6A-4C41-B8C1-C3F945040772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3C9344D-F390-4003-93D1-013A9F521A17",
              "versionEndIncluding": "0.9.8u",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "27F417A1-5D97-4BC4-8B97-5AC40236DA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B6231CAA-00A8-41CE-8436-B84518014CF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A70AD93B-E876-4EAB-9970-752D42E15E99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "716ADA01-38B8-4C15-A3BB-D9688DA30599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "B73326F7-7DCE-4EDE-95D7-AE7AED263A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EA2D251C-9C45-4EFE-8262-E88AB7CE713A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "6D81E175-E698-40EF-9601-425893FFB1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "FA0F25B7-A172-4300-8718-112E817A6165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "52B1BE89-BAE0-4656-943B-B9B81D9B54B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D097222B-ED20-459C-9167-55751FA2C87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "86DDC8F2-7920-4A73-927E-562C89806972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
              "matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
              "matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "9644CC68-1E91-45E7-8C53-1E3FC9976A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "73934717-2DA3-4614-A076-D6EDA5EB0626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
              "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
              "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
              "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
              "matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6AEBE689-3952-46F0-BACA-BB03041C6D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
              "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
              "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
              "matchCriteriaId": "499E52F3-4B34-4C47-8ABF-292928EBAA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n asn1_d2i_read_bio en OpenSSL antes de v0.9.8v, en v1.0.0 antes de v1.0.0i y en v1.0.1 antes de v1.0.1a no interpreta correctamente los enteros, lo que permite realizar ataques de desbordamiento de buffer a atacantes remotos, y provocar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria) o posiblemente tener un impacto no especificado, a trav\u00e9s de datos DER debidamente modificados, como lo demuestra un certificado X.509 o una clave p\u00fablica RSA."
    }
  ],
  "id": "CVE-2012-2110",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-04-19T17:55:01.253",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://cvs.openssl.org/chngview?cn=22431"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://cvs.openssl.org/chngview?cn=22434"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://cvs.openssl.org/chngview?cn=22439"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/81223"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48847"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48899"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48942"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48999"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57353"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5784"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2454"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.exploit-db.com/exploits/18756"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20120419.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/53158"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1026957"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1424-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://kb.juniper.net/KB27376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.openssl.org/chngview?cn=22431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.openssl.org/chngview?cn=22434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.openssl.org/chngview?cn=22439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/81223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/18756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20120419.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1424-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kb.juniper.net/KB27376"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-05-14 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
References
secalert@redhat.comhttp://cvs.openssl.org/chngview?cn=22538
secalert@redhat.comhttp://cvs.openssl.org/chngview?cn=22547
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=134919053717161&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=134919053717161&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136432043316835&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136432043316835&w=2
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0699.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1306.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1307.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1308.html
secalert@redhat.comhttp://secunia.com/advisories/49116
secalert@redhat.comhttp://secunia.com/advisories/49208
secalert@redhat.comhttp://secunia.com/advisories/49324
secalert@redhat.comhttp://secunia.com/advisories/50768
secalert@redhat.comhttp://secunia.com/advisories/51312
secalert@redhat.comhttp://support.apple.com/kb/HT5784
secalert@redhat.comhttp://www.cert.fi/en/reports/2012/vulnerability641549.html
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2475
secalert@redhat.comhttp://www.kb.cert.org/vuls/id/737740US Government Resource
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:073
secalert@redhat.comhttp://www.openssl.org/news/secadv_20120510.txt
secalert@redhat.comhttp://www.securityfocus.com/bid/53476
secalert@redhat.comhttp://www.securitytracker.com/id?1027057
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=820686
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/75525
af854a3a-2127-422b-91ae-364da2661108http://cvs.openssl.org/chngview?cn=22538
af854a3a-2127-422b-91ae-364da2661108http://cvs.openssl.org/chngview?cn=22547
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134919053717161&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134919053717161&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=136432043316835&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=136432043316835&w=2
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0699.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1306.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1307.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1308.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49116
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49208
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49324
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50768
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51312
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5784
af854a3a-2127-422b-91ae-364da2661108http://www.cert.fi/en/reports/2012/vulnerability641549.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2475
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/737740US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:073
af854a3a-2127-422b-91ae-364da2661108http://www.openssl.org/news/secadv_20120510.txt
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53476
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027057
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=820686
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/75525
Impacted products
Vendor Product Version
openssl openssl *
openssl openssl 0.9.1c
openssl openssl 0.9.2b
openssl openssl 0.9.3
openssl openssl 0.9.3a
openssl openssl 0.9.4
openssl openssl 0.9.5
openssl openssl 0.9.5
openssl openssl 0.9.5
openssl openssl 0.9.5a
openssl openssl 0.9.5a
openssl openssl 0.9.5a
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6b
openssl openssl 0.9.6c
openssl openssl 0.9.6d
openssl openssl 0.9.6e
openssl openssl 0.9.6f
openssl openssl 0.9.6g
openssl openssl 0.9.6h
openssl openssl 0.9.6i
openssl openssl 0.9.6j
openssl openssl 0.9.6k
openssl openssl 0.9.6l
openssl openssl 0.9.6m
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7a
openssl openssl 0.9.7b
openssl openssl 0.9.7c
openssl openssl 0.9.7d
openssl openssl 0.9.7e
openssl openssl 0.9.7f
openssl openssl 0.9.7g
openssl openssl 0.9.7h
openssl openssl 0.9.7i
openssl openssl 0.9.7j
openssl openssl 0.9.7k
openssl openssl 0.9.7l
openssl openssl 0.9.7m
openssl openssl 0.9.8
openssl openssl 0.9.8a
openssl openssl 0.9.8b
openssl openssl 0.9.8c
openssl openssl 0.9.8d
openssl openssl 0.9.8e
openssl openssl 0.9.8f
openssl openssl 0.9.8g
openssl openssl 0.9.8h
openssl openssl 0.9.8i
openssl openssl 0.9.8j
openssl openssl 0.9.8k
openssl openssl 0.9.8l
openssl openssl 0.9.8m
openssl openssl 0.9.8m
openssl openssl 0.9.8n
openssl openssl 0.9.8o
openssl openssl 0.9.8p
openssl openssl 0.9.8q
openssl openssl 0.9.8r
openssl openssl 0.9.8s
openssl openssl 0.9.8t
openssl openssl 0.9.8u
openssl openssl 0.9.8v
redhat openssl 0.9.6-15
redhat openssl 0.9.6b-3
redhat openssl 0.9.7a-2
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0a
openssl openssl 1.0.0b
openssl openssl 1.0.0c
openssl openssl 1.0.0d
openssl openssl 1.0.0e
openssl openssl 1.0.0f
openssl openssl 1.0.0g
openssl openssl 1.0.0h
openssl openssl 1.0.1
openssl openssl 1.0.1
openssl openssl 1.0.1
openssl openssl 1.0.1
openssl openssl 1.0.1a
openssl openssl 1.0.1b



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14672B30-A838-4BCE-935D-F8261F0A43EE",
              "versionEndIncluding": "0.9.8w",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "27F417A1-5D97-4BC4-8B97-5AC40236DA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B6231CAA-00A8-41CE-8436-B84518014CF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A70AD93B-E876-4EAB-9970-752D42E15E99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "716ADA01-38B8-4C15-A3BB-D9688DA30599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "B73326F7-7DCE-4EDE-95D7-AE7AED263A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EA2D251C-9C45-4EFE-8262-E88AB7CE713A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "6D81E175-E698-40EF-9601-425893FFB1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "FA0F25B7-A172-4300-8718-112E817A6165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "52B1BE89-BAE0-4656-943B-B9B81D9B54B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D097222B-ED20-459C-9167-55751FA2C87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "86DDC8F2-7920-4A73-927E-562C89806972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
              "matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
              "matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "9644CC68-1E91-45E7-8C53-1E3FC9976A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "73934717-2DA3-4614-A076-D6EDA5EB0626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
              "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
              "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
              "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
              "matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6AEBE689-3952-46F0-BACA-BB03041C6D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
              "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
              "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
              "matchCriteriaId": "499E52F3-4B34-4C47-8ABF-292928EBAA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
              "matchCriteriaId": "D530BE19-ADCF-4B5C-99E0-2B9A1DE7717F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7540155-3629-4C76-9C67-8A8E0C1067F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "F02E634E-1E3D-4E44-BADA-76F92483A732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2B07A-49EF-411F-8A4D-89435E22B043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "7E9480D6-3B6A-4C41-B8C1-C3F945040772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
              "matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en OpenSSL anteriores a v0.9.8x, v1.0.0 anteriores a v1.0.0j, y v1.0.1 anteriores a v1.0.1c, cuando TLS v1.1, TLS v1.2, o DTLS es usado con cifrado CBC, permite a atacantes remotos a provocar una denegaci\u00f3n de servicio (sobre escritura del b\u00fafer) o posiblemente tener otros impactos no determinados a trav\u00e9s de paquetes TLS manipulados que no son gestionados de forma adecuada en ciertos c\u00e1lculos de vectores IV concretos."
    }
  ],
  "id": "CVE-2012-2333",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-14T22:55:03.070",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://cvs.openssl.org/chngview?cn=22538"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://cvs.openssl.org/chngview?cn=22547"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49116"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49208"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49324"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50768"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/51312"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5784"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2475"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openssl.org/news/secadv_20120510.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/53476"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1027057"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.openssl.org/chngview?cn=22538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.openssl.org/chngview?cn=22547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openssl.org/news/secadv_20120510.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-06-04 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
References
secalert@redhat.comftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascBroken Link, Third Party Advisory
secalert@redhat.comhttp://cvs.openssl.org/chngview?cn=17369Broken Link, Patch, Third Party Advisory
secalert@redhat.comhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444Broken Link, Third Party Advisory
secalert@redhat.comhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444Broken Link, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlThird Party Advisory
secalert@redhat.comhttp://lists.vmware.com/pipermail/security-announce/2010/000082.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guestThird Party Advisory, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/35571Not Applicable, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/35685Not Applicable, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/35729Not Applicable, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/36533Not Applicable, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/38794Not Applicable, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/38834Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/06/02/1Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2009-1335.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/35174Broken Link, Exploit, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-792-1Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0528Permissions Required, Third Party Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/50963Third Party Advisory, VDB Entry
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179Broken Link, Tool Signature
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469Broken Link, Tool Signature
secalert@redhat.comhttps://www.exploit-db.com/exploits/8873Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascBroken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://cvs.openssl.org/chngview?cn=17369Broken Link, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guestThird Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35571Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35685Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35729Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36533Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38794Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38834Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/06/02/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-1335.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/35174Broken Link, Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-792-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0528Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50963Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179Broken Link, Tool Signature
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469Broken Link, Tool Signature
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/8873Exploit, Third Party Advisory, VDB Entry
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD28B423-FF29-4983-9FBD-68641B1C142A",
              "versionEndExcluding": "0.9.8i",
              "versionStartExcluding": "0.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello."
    },
    {
      "lang": "es",
      "value": "ssl/s3_pkt.c en OpenSSL anteriores a v0.9.8i permite a los atacantes remotos, causar una denegaci\u00f3n de servicios (puntero NULO desreferenciado y ca\u00edda del \"daemon\"), a trav\u00e9s de un paquete ChangeCipherSpec DTLs que ocurre antes de ClientHello."
    }
  ],
  "id": "CVE-2009-1386",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-06-04T16:30:00.313",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://cvs.openssl.org/chngview?cn=17369"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "http://rt.openssl.org/Ticket/Display.html?id=1679\u0026user=guest\u0026pass=guest"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35571"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35685"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/35174"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-792-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50963"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://cvs.openssl.org/chngview?cn=17369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "http://rt.openssl.org/Ticket/Display.html?id=1679\u0026user=guest\u0026pass=guest"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/35174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-792-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8873"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-06-04 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
References
secalert@redhat.comftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascBroken Link, Third Party Advisory
secalert@redhat.comhttp://cvs.openssl.org/chngview?cn=17958Broken Link, Patch, Third Party Advisory, Vendor Advisory
secalert@redhat.comhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444Broken Link, Third Party Advisory
secalert@redhat.comhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444Broken Link, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlThird Party Advisory
secalert@redhat.comhttp://lists.vmware.com/pipermail/security-announce/2010/000082.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guestBroken Link, Patch, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/35571Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/35685Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/35729Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/36533Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/37003Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/38794Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/38834Third Party Advisory
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200912-01.xmlThird Party Advisory
secalert@redhat.comhttp://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.netBroken Link
secalert@redhat.comhttp://voodoo-circle.sourceforge.net/sa/sa-20091012-01.htmlThird Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/06/02/1Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2009-1335.htmlThird Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-792-1Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0528Permissions Required, Third Party Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740Tool Signature
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592Tool Signature
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascBroken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://cvs.openssl.org/chngview?cn=17958Broken Link, Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guestBroken Link, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35571Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35685Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35729Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36533Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37003Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38794Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38834Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200912-01.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.netBroken Link
af854a3a-2127-422b-91ae-364da2661108http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/06/02/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-1335.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-792-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0528Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740Tool Signature
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592Tool Signature
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA054F35-6E05-4A24-9195-F80C0C2761DC",
              "versionEndExcluding": "0.9.8m",
              "versionStartIncluding": "0.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\""
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n dtls1_retrieve_buffered_fragment en ssl/d1_both.c en OpenSSL anteriores a v1.0.0 Beta 2 permite a los atacantes causar una denegaci\u00f3n de servicios (puntero NULO desreferenciado y ca\u00edda de \"daemon\") a trav\u00e9s de un mensaje \"handshake\" DTLS fuera de secuencia, relativo a \"fragment bug\"."
    }
  ],
  "id": "CVE-2009-1387",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-06-04T16:30:00.343",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "http://cvs.openssl.org/chngview?cn=17958"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35571"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35685"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37003"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-792-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "http://cvs.openssl.org/chngview?cn=17958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-792-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-01-14 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
References
cve@mitre.orghttp://cvs.openssl.org/chngview?cn=19068
cve@mitre.orghttp://cvs.openssl.org/chngview?cn=19069
cve@mitre.orghttp://cvs.openssl.org/chngview?cn=19167
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=127128920008563&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=127128920008563&w=2
cve@mitre.orghttp://secunia.com/advisories/38175Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/38181Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/38200Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/38761
cve@mitre.orghttp://secunia.com/advisories/39461
cve@mitre.orghttp://secunia.com/advisories/42724
cve@mitre.orghttp://secunia.com/advisories/42733
cve@mitre.orghttp://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
cve@mitre.orghttp://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004
cve@mitre.orghttp://www.debian.org/security/2010/dsa-1970
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2010:022
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/01/13/3
cve@mitre.orghttp://www.ubuntu.com/usn/USN-884-1Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0124Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0839
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0916
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=546707
cve@mitre.orghttps://issues.rpath.com/browse/RPL-3157
cve@mitre.orghttps://kb.bluecoat.com/index?page=content&id=SA50
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678
cve@mitre.orghttps://rhn.redhat.com/errata/RHSA-2010-0095.html
af854a3a-2127-422b-91ae-364da2661108http://cvs.openssl.org/chngview?cn=19068
af854a3a-2127-422b-91ae-364da2661108http://cvs.openssl.org/chngview?cn=19069
af854a3a-2127-422b-91ae-364da2661108http://cvs.openssl.org/chngview?cn=19167
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127128920008563&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127128920008563&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38175Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38181Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38200Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38761
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39461
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42724
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42733
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-1970
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:022
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/01/13/3
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-884-1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0124Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0839
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0916
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=546707
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-3157
af854a3a-2127-422b-91ae-364da2661108https://kb.bluecoat.com/index?page=content&id=SA50
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2010-0095.html
Impacted products
Vendor Product Version
openssl openssl *
openssl openssl 0.9.1c
openssl openssl 0.9.2b
openssl openssl 0.9.3
openssl openssl 0.9.3a
openssl openssl 0.9.4
openssl openssl 0.9.5
openssl openssl 0.9.5
openssl openssl 0.9.5
openssl openssl 0.9.5a
openssl openssl 0.9.5a
openssl openssl 0.9.5a
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6b
openssl openssl 0.9.6c
openssl openssl 0.9.6d
openssl openssl 0.9.6e
openssl openssl 0.9.6f
openssl openssl 0.9.6g
openssl openssl 0.9.6h
openssl openssl 0.9.6i
openssl openssl 0.9.6j
openssl openssl 0.9.6k
openssl openssl 0.9.6l
openssl openssl 0.9.6m
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7a
openssl openssl 0.9.7b
openssl openssl 0.9.7c
openssl openssl 0.9.7d
openssl openssl 0.9.7e
openssl openssl 0.9.7f
openssl openssl 0.9.7g
openssl openssl 0.9.7h
openssl openssl 0.9.7i
openssl openssl 0.9.7j
openssl openssl 0.9.7k
openssl openssl 0.9.7l
openssl openssl 0.9.7m
openssl openssl 0.9.8
openssl openssl 0.9.8a
openssl openssl 0.9.8b
openssl openssl 0.9.8c
openssl openssl 0.9.8d
openssl openssl 0.9.8e
openssl openssl 0.9.8f
openssl openssl 0.9.8g
openssl openssl 0.9.8h
openssl openssl 0.9.8i
openssl openssl 0.9.8j
openssl openssl 0.9.8k
redhat openssl 0.9.6-15
redhat openssl 0.9.6b-3
redhat openssl 0.9.7a-2
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0
openssl openssl 1.0.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FB3B26-CC83-4FA5-BDE1-05F35AB99741",
              "versionEndIncluding": "0.9.8l",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "27F417A1-5D97-4BC4-8B97-5AC40236DA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B6231CAA-00A8-41CE-8436-B84518014CF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A70AD93B-E876-4EAB-9970-752D42E15E99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "716ADA01-38B8-4C15-A3BB-D9688DA30599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "B73326F7-7DCE-4EDE-95D7-AE7AED263A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EA2D251C-9C45-4EFE-8262-E88AB7CE713A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "6D81E175-E698-40EF-9601-425893FFB1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "FA0F25B7-A172-4300-8718-112E817A6165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "52B1BE89-BAE0-4656-943B-B9B81D9B54B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D097222B-ED20-459C-9167-55751FA2C87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "86DDC8F2-7920-4A73-927E-562C89806972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
              "matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
              "matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "9644CC68-1E91-45E7-8C53-1E3FC9976A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "73934717-2DA3-4614-A076-D6EDA5EB0626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
              "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
              "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
              "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "F02E634E-1E3D-4E44-BADA-76F92483A732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2B07A-49EF-411F-8A4D-89435E22B043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678."
    },
    {
      "lang": "es",
      "value": "Fuga de memoria en la funci\u00f3n zlib_stateful_finish en crypto/comp/c_zlib.c en OpenSSL v0.9.8l y anteriores, y  v1.0.0 Beta a la Beta 4, permite a atacantes remoso provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de vectores que provocan llamadas incorrectas a la funci\u00f3n CRYPTO_free_all_ex_data, como se demostr\u00f3 usando SSLv3 y PHP con el Apache HTTP Server, una cuesti\u00f3n relacionada con el CVE-2008-1678."
    }
  ],
  "id": "CVE-2009-4355",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-14T19:30:00.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cvs.openssl.org/chngview?cn=19068"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://cvs.openssl.org/chngview?cn=19069"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://cvs.openssl.org/chngview?cn=19167"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38175"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38181"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38761"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39461"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2010/dsa-1970"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-884-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0124"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/0839"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/0916"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-3157"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.openssl.org/chngview?cn=19068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.openssl.org/chngview?cn=19069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.openssl.org/chngview?cn=19167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-1970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-884-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-3157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-08 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
References
secalert@redhat.comhttp://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
secalert@redhat.comhttp://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200
secalert@redhat.comhttp://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136396549913849&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136396549913849&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136432043316835&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136432043316835&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=137545771702053&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=137545771702053&w=2
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0587.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0782.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0783.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0833.html
secalert@redhat.comhttp://secunia.com/advisories/53623
secalert@redhat.comhttp://secunia.com/advisories/55108
secalert@redhat.comhttp://secunia.com/advisories/55139
secalert@redhat.comhttp://support.apple.com/kb/HT5880
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2621
secalert@redhat.comhttp://www.kb.cert.org/vuls/id/737740US Government Resource
secalert@redhat.comhttp://www.openssl.org/news/secadv_20130204.txtVendor Advisory
secalert@redhat.comhttp://www.splunk.com/view/SP-CAAAHXG
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=908052
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487
secalert@redhat.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
af854a3a-2127-422b-91ae-364da2661108http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
af854a3a-2127-422b-91ae-364da2661108http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200
af854a3a-2127-422b-91ae-364da2661108http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=136396549913849&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=136396549913849&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=136432043316835&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=136432043316835&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=137545771702053&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=137545771702053&w=2
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0587.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0782.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0783.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0833.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53623
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55108
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55139
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5880
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2621
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/737740US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.openssl.org/news/secadv_20130204.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.splunk.com/view/SP-CAAAHXG
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=908052
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
Impacted products
Vendor Product Version
openssl openssl 0.9.1c
openssl openssl 0.9.2b
openssl openssl 0.9.3
openssl openssl 0.9.3a
openssl openssl 0.9.4
openssl openssl 0.9.5
openssl openssl 0.9.5
openssl openssl 0.9.5
openssl openssl 0.9.5a
openssl openssl 0.9.5a
openssl openssl 0.9.5a
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6a
openssl openssl 0.9.6b
openssl openssl 0.9.6c
openssl openssl 0.9.6d
openssl openssl 0.9.6e
openssl openssl 0.9.6f
openssl openssl 0.9.6g
openssl openssl 0.9.6h
openssl openssl 0.9.6i
openssl openssl 0.9.6j
openssl openssl 0.9.6k
openssl openssl 0.9.6l
openssl openssl 0.9.6m
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7a
openssl openssl 0.9.7b
openssl openssl 0.9.7c
openssl openssl 0.9.7d
openssl openssl 0.9.7e
openssl openssl 0.9.7f
openssl openssl 0.9.7g
openssl openssl 0.9.7h
openssl openssl 0.9.7i
openssl openssl 0.9.7j
openssl openssl 0.9.7k
openssl openssl 0.9.7l
openssl openssl 0.9.7m
openssl openssl 0.9.8
openssl openssl 0.9.8a
openssl openssl 0.9.8b
openssl openssl 0.9.8c
openssl openssl 0.9.8d
openssl openssl 0.9.8e
openssl openssl 0.9.8f
openssl openssl 0.9.8g
openssl openssl 0.9.8h
openssl openssl 0.9.8i
openssl openssl 0.9.8j
openssl openssl 0.9.8k
openssl openssl 0.9.8l
openssl openssl 0.9.8m
openssl openssl 0.9.8m
openssl openssl 0.9.8n
openssl openssl 0.9.8o
openssl openssl 0.9.8p
openssl openssl 0.9.8q
openssl openssl 0.9.8r
openssl openssl 0.9.8s
openssl openssl 0.9.8t
openssl openssl 0.9.8u
openssl openssl 0.9.8v
openssl openssl 0.9.8w
openssl openssl 0.9.8x
openssl openssl 1.0.0
openssl openssl 1.0.0a
openssl openssl 1.0.0b
openssl openssl 1.0.0c
openssl openssl 1.0.0d
openssl openssl 1.0.0e
openssl openssl 1.0.0f
openssl openssl 1.0.0g
openssl openssl 1.0.0h
openssl openssl 1.0.0i
openssl openssl 1.0.0j
openssl openssl 1.0.1
openssl openssl 1.0.1a
openssl openssl 1.0.1b
openssl openssl 1.0.1c
redhat openssl 0.9.6-15
redhat openssl 0.9.6b-3
redhat openssl 0.9.7a-2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "27F417A1-5D97-4BC4-8B97-5AC40236DA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B6231CAA-00A8-41CE-8436-B84518014CF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A70AD93B-E876-4EAB-9970-752D42E15E99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "716ADA01-38B8-4C15-A3BB-D9688DA30599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "B73326F7-7DCE-4EDE-95D7-AE7AED263A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EA2D251C-9C45-4EFE-8262-E88AB7CE713A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "6D81E175-E698-40EF-9601-425893FFB1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "FA0F25B7-A172-4300-8718-112E817A6165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "52B1BE89-BAE0-4656-943B-B9B81D9B54B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D097222B-ED20-459C-9167-55751FA2C87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "86DDC8F2-7920-4A73-927E-562C89806972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
              "matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
              "matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "9644CC68-1E91-45E7-8C53-1E3FC9976A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "73934717-2DA3-4614-A076-D6EDA5EB0626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
              "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
              "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
              "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
              "matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6AEBE689-3952-46F0-BACA-BB03041C6D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
              "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
              "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
              "matchCriteriaId": "499E52F3-4B34-4C47-8ABF-292928EBAA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
              "matchCriteriaId": "D530BE19-ADCF-4B5C-99E0-2B9A1DE7717F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7540155-3629-4C76-9C67-8A8E0C1067F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
              "matchCriteriaId": "419BBCCD-6F8A-418A-BA02-56267B11D948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3A2AF8-C7DD-43D0-B03F-37E7EB735C1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
              "matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
              "matchCriteriaId": "764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
              "matchCriteriaId": "6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key."
    },
    {
      "lang": "es",
      "value": "OpenSSL antes de v0.9.8y, v1.0.0 antes de v1.0.0k y v1.0.1 antes de v1.0.1d no realizar correctamente la verificaci\u00f3n de firmas para las respuestas OCSP, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una tecla no v\u00e1lida."
    }
  ],
  "id": "CVE-2013-0166",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-08T19:55:00.967",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/53623"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/55108"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/55139"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5880"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2621"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20130204.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.splunk.com/view/SP-CAAAHXG"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/53623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20130204.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.splunk.com/view/SP-CAAAHXG"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
References
cve@mitre.orgftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.ascBroken Link
cve@mitre.orgftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.ascBroken Link
cve@mitre.orgftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txtBroken Link
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834Broken Link
cve@mitre.orghttp://docs.info.apple.com/article.html?artnum=61798Broken Link
cve@mitre.orghttp://fedoranews.org/updates/FEDORA-2004-095.shtmlThird Party Advisory
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlMailing List
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlMailing List
cve@mitre.orghttp://lists.apple.com/mhonarc/security-announce/msg00045.htmlBroken Link
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107953412903636&w=2Mailing List
cve@mitre.orghttp://marc.info/?l=bugtraq&m=108403806509920&w=2Mailing List
cve@mitre.orghttp://secunia.com/advisories/11139Broken Link
cve@mitre.orghttp://secunia.com/advisories/17381Broken Link
cve@mitre.orghttp://secunia.com/advisories/17398Broken Link
cve@mitre.orghttp://secunia.com/advisories/17401Broken Link
cve@mitre.orghttp://secunia.com/advisories/18247Broken Link
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200403-03.xmlThird Party Advisory
cve@mitre.orghttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524Broken Link
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2005-239.htmThird Party Advisory
cve@mitre.orghttp://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_USBroken Link
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/o-101.shtmlBroken Link
cve@mitre.orghttp://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtmlBroken Link
cve@mitre.orghttp://www.debian.org/security/2004/dsa-465Third Party Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/288574Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.linuxsecurity.com/advisories/engarde_advisory-4135.htmlBroken Link
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:023Third Party Advisory
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_07_openssl.htmlBroken Link
cve@mitre.orghttp://www.openssl.org/news/secadv_20040317.txtThird Party Advisory
cve@mitre.orghttp://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.htmlMailing List
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-120.htmlBroken Link
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-121.htmlBroken Link
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-139.htmlBroken Link
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-829.htmlBroken Link
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-830.htmlBroken Link
cve@mitre.orghttp://www.securityfocus.com/bid/9899Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
cve@mitre.orghttp://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961Broken Link
cve@mitre.orghttp://www.trustix.org/errata/2004/0012Broken Link
cve@mitre.orghttp://www.uniras.gov.uk/vuls/2004/224012/index.htmBroken Link
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA04-078A.htmlBroken Link, Third Party Advisory, US Government Resource
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15505Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621Broken Link
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770Broken Link
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870Broken Link
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975Broken Link
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779Broken Link
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.ascBroken Link
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.ascBroken Link
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txtBroken Link
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834Broken Link
af854a3a-2127-422b-91ae-364da2661108http://docs.info.apple.com/article.html?artnum=61798Broken Link
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/updates/FEDORA-2004-095.shtmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/mhonarc/security-announce/msg00045.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107953412903636&w=2Mailing List
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=108403806509920&w=2Mailing List
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/11139Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17381Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17398Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17401Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18247Broken Link
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200403-03.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524Broken Link
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2005-239.htmThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_USBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/o-101.shtmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-465Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/288574Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.linuxsecurity.com/advisories/engarde_advisory-4135.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:023Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_07_openssl.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openssl.org/news/secadv_20040317.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-120.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-121.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-139.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-829.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-830.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9899Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2004/0012Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.uniras.gov.uk/vuls/2004/224012/index.htmBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA04-078A.htmlBroken Link, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15505Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621Broken Link
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770Broken Link
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870Broken Link
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975Broken Link
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779Broken Link
Impacted products
Vendor Product Version
cisco firewall_services_module *
cisco firewall_services_module 1.1.2
cisco firewall_services_module 1.1.3
cisco firewall_services_module 1.1_\(3.005\)
cisco firewall_services_module 2.1_\(0.208\)
hp aaa_server *
hp apache-based_web_server 2.0.43.00
hp apache-based_web_server 2.0.43.04
symantec clientless_vpn_gateway_4400 5.0
cisco ciscoworks_common_management_foundation 2.1
cisco ciscoworks_common_services 2.2
avaya converged_communications_server 2.0
avaya sg200 4.4
avaya sg200 4.31.29
avaya sg203 4.4
avaya sg203 4.31.29
avaya sg208 *
avaya sg208 4.4
avaya sg5 4.2
avaya sg5 4.3
avaya sg5 4.4
apple mac_os_x 10.3.3
apple mac_os_x_server 10.3.3
freebsd freebsd 4.8
freebsd freebsd 4.8
freebsd freebsd 4.9
freebsd freebsd 5.1
freebsd freebsd 5.1
freebsd freebsd 5.1
freebsd freebsd 5.2
freebsd freebsd 5.2.1
hp hp-ux 8.05
hp hp-ux 11.00
hp hp-ux 11.11
hp hp-ux 11.23
openbsd openbsd 3.3
openbsd openbsd 3.4
redhat enterprise_linux 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux_desktop 3.0
redhat linux 7.2
redhat linux 7.3
redhat linux 8.0
sco openserver 5.0.6
sco openserver 5.0.7
cisco ios 12.1\(11\)e
cisco ios 12.1\(11b\)e
cisco ios 12.1\(11b\)e12
cisco ios 12.1\(11b\)e14
cisco ios 12.1\(13\)e9
cisco ios 12.1\(19\)e1
cisco ios 12.2\(14\)sy
cisco ios 12.2\(14\)sy1
cisco ios 12.2sy
cisco ios 12.2za
4d webstar 4.0
4d webstar 5.2
4d webstar 5.2.1
4d webstar 5.2.2
4d webstar 5.2.3
4d webstar 5.2.4
4d webstar 5.3
4d webstar 5.3.1
avaya intuity_audix *
avaya intuity_audix 5.1.46
avaya intuity_audix s3210
avaya intuity_audix s3400
avaya vsu 5
avaya vsu 5x
avaya vsu 100_r2.0.1
avaya vsu 500
avaya vsu 2000_r2.0.1
avaya vsu 5000_r2.0.1
avaya vsu 7500_r2.0.1
avaya vsu 10000_r2.0.1
checkpoint firewall-1 *
checkpoint firewall-1 2.0
checkpoint firewall-1 next_generation_fp0
checkpoint firewall-1 next_generation_fp1
checkpoint firewall-1 next_generation_fp2
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint vpn-1 next_generation_fp0
checkpoint vpn-1 next_generation_fp1
checkpoint vpn-1 next_generation_fp2
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco access_registrar *
cisco application_and_content_networking_software *
cisco css_secure_content_accelerator 1.0
cisco css_secure_content_accelerator 2.0
cisco css11000_content_services_switch *
cisco okena_stormwatch 3.2
cisco pix_firewall 6.2.2_.111
cisco threat_response *
cisco webns 6.10
cisco webns 6.10_b4
cisco webns 7.1_0.1.02
cisco webns 7.1_0.2.06
cisco webns 7.2_0.0.03
cisco webns 7.10
cisco webns 7.10_.0.06s
dell bsafe_ssl-j 3.0
dell bsafe_ssl-j 3.0.1
dell bsafe_ssl-j 3.1
hp wbem a.01.05.08
hp wbem a.02.00.00
hp wbem a.02.00.01
lite speed_technologies_litespeed_web_server 1.0.1
lite speed_technologies_litespeed_web_server 1.0.2
lite speed_technologies_litespeed_web_server 1.0.3
lite speed_technologies_litespeed_web_server 1.1
lite speed_technologies_litespeed_web_server 1.1.1
lite speed_technologies_litespeed_web_server 1.2.1
lite speed_technologies_litespeed_web_server 1.2.2
lite speed_technologies_litespeed_web_server 1.2_rc1
lite speed_technologies_litespeed_web_server 1.2_rc2
lite speed_technologies_litespeed_web_server 1.3
lite speed_technologies_litespeed_web_server 1.3.1
lite speed_technologies_litespeed_web_server 1.3_rc1
lite speed_technologies_litespeed_web_server 1.3_rc2
lite speed_technologies_litespeed_web_server 1.3_rc3
neoteris instant_virtual_extranet 3.0
neoteris instant_virtual_extranet 3.1
neoteris instant_virtual_extranet 3.2
neoteris instant_virtual_extranet 3.3
neoteris instant_virtual_extranet 3.3.1
novell edirectory 8.0
novell edirectory 8.5
novell edirectory 8.5.12a
novell edirectory 8.5.27
novell edirectory 8.6.2
novell edirectory 8.7
novell edirectory 8.7.1
novell edirectory 8.7.1
novell imanager 1.5
novell imanager 2.0
openssl openssl 0.9.6c
openssl openssl 0.9.6d
openssl openssl 0.9.6e
openssl openssl 0.9.6f
openssl openssl 0.9.6g
openssl openssl 0.9.6h
openssl openssl 0.9.6i
openssl openssl 0.9.6j
openssl openssl 0.9.6k
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7a
openssl openssl 0.9.7b
openssl openssl 0.9.7c
redhat openssl 0.9.6-15
redhat openssl 0.9.6b-3
redhat openssl 0.9.7a-2
redhat openssl 0.9.7a-2
redhat openssl 0.9.7a-2
sgi propack 2.3
sgi propack 2.4
sgi propack 3.0
stonesoft servercluster 2.5
stonesoft servercluster 2.5.2
stonesoft stonebeat_fullcluster 1_2.0
stonesoft stonebeat_fullcluster 1_3.0
stonesoft stonebeat_fullcluster 2.0
stonesoft stonebeat_fullcluster 2.5
stonesoft stonebeat_fullcluster 3.0
stonesoft stonebeat_securitycluster 2.0
stonesoft stonebeat_securitycluster 2.5
stonesoft stonebeat_webcluster 2.0
stonesoft stonebeat_webcluster 2.5
stonesoft stonegate 1.5.17
stonesoft stonegate 1.5.18
stonesoft stonegate 1.6.2
stonesoft stonegate 1.6.3
stonesoft stonegate 1.7
stonesoft stonegate 1.7.1
stonesoft stonegate 1.7.2
stonesoft stonegate 2.0.1
stonesoft stonegate 2.0.4
stonesoft stonegate 2.0.5
stonesoft stonegate 2.0.6
stonesoft stonegate 2.0.7
stonesoft stonegate 2.0.8
stonesoft stonegate 2.0.9
stonesoft stonegate 2.1
stonesoft stonegate 2.2
stonesoft stonegate 2.2.1
stonesoft stonegate 2.2.4
stonesoft stonegate_vpn_client 1.7
stonesoft stonegate_vpn_client 1.7.2
stonesoft stonegate_vpn_client 2.0
stonesoft stonegate_vpn_client 2.0.7
stonesoft stonegate_vpn_client 2.0.8
stonesoft stonegate_vpn_client 2.0.9
tarantella tarantella_enterprise 3.20
tarantella tarantella_enterprise 3.30
tarantella tarantella_enterprise 3.40
vmware gsx_server 2.0
vmware gsx_server 2.0.1_build_2129
vmware gsx_server 2.5.1
vmware gsx_server 2.5.1_build_5336
vmware gsx_server 3.0_build_7592
avaya s8300 r2.0.0
avaya s8300 r2.0.1
avaya s8500 r2.0.0
avaya s8500 r2.0.1
avaya s8700 r2.0.0
avaya s8700 r2.0.1
bluecoat proxysg *
cisco call_manager *
cisco content_services_switch_11500 *
cisco gss_4480_global_site_selector *
cisco gss_4490_global_site_selector *
cisco mds_9000 *
cisco secure_content_accelerator 10000
securecomputing sidewinder 5.2
securecomputing sidewinder 5.2.0.01
securecomputing sidewinder 5.2.0.02
securecomputing sidewinder 5.2.0.03
securecomputing sidewinder 5.2.0.04
securecomputing sidewinder 5.2.1
securecomputing sidewinder 5.2.1.02
sun crypto_accelerator_4000 1.0
bluecoat cacheos_ca_sa 4.1.10
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.0
cisco pix_firewall_software 6.0\(1\)
cisco pix_firewall_software 6.0\(2\)
cisco pix_firewall_software 6.0\(3\)
cisco pix_firewall_software 6.0\(4\)
cisco pix_firewall_software 6.0\(4.101\)
cisco pix_firewall_software 6.1
cisco pix_firewall_software 6.1\(1\)
cisco pix_firewall_software 6.1\(2\)
cisco pix_firewall_software 6.1\(3\)
cisco pix_firewall_software 6.1\(4\)
cisco pix_firewall_software 6.1\(5\)
cisco pix_firewall_software 6.2
cisco pix_firewall_software 6.2\(1\)
cisco pix_firewall_software 6.2\(2\)
cisco pix_firewall_software 6.2\(3\)
cisco pix_firewall_software 6.2\(3.100\)
cisco pix_firewall_software 6.3
cisco pix_firewall_software 6.3\(1\)
cisco pix_firewall_software 6.3\(2\)
cisco pix_firewall_software 6.3\(3.102\)
cisco pix_firewall_software 6.3\(3.109\)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9CAFC15-178C-4176-9668-D4A04B63E77B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C8D6949-89F4-40EF-98F4-8D15628DC345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6479D85C-1A12-486D-818C-6679F415CA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "287CF5FA-D0EC-4FD7-9718-973587EF34DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88168D4-7DB5-4720-8640-400BB680D0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "968915A1-375B-4C69-BE11-9A393F7F1B0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11465DCA-72E5-40E9-9D8E-B3CD470C47E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4C5F60-B32D-4D85-BA28-AE11972ED614",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A5935C3-3D83-461F-BC26-E03362115C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "80AC523B-3106-46F2-B760-803DCF8061F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B8D6F3-D15D-489F-A807-17E63F4831F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "808189BA-197F-49CE-933E-A728F395749C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7EF0CD-EA39-457B-8E2E-9120B65A5835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BC2983F-5212-464B-AC21-8A897DEC1F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBF17989-D1F2-4B04-80BD-CFABDD482ABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
              "matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
              "matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
              "matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
              "matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "32310AFE-38CC-4C6C-AE13-54C18720F2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
              "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E140F76-D078-4F58-89CF-3278CDCB9AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D76A8D-832B-411E-A458-186733C66010",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF29685-7FFC-4093-A1D4-21E4871AF5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E72872C9-63AF-417F-BFAE-92B4D350C006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
              "matchCriteriaId": "80BCF196-5E5A-4F31-BCE7-AA0C748CA922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "970939C5-1E6F-47B6-97E6-7B2C1E019985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1F4148-E772-4708-8C1F-D67F969C11DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
              "matchCriteriaId": "09458CD7-D430-4957-8506-FAB2A3E2AA65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
              "matchCriteriaId": "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B87C95-4B34-4628-AD03-67D1DE13E097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F04471C-732F-44EE-AD1B-6305C1DD7DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E237919A-416B-4039-AAD2-7FAE1F4E100D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "39149924-188C-40C1-B598-A9CD407C90DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6501108-5455-48FE-AA82-37AFA5D7EC24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
              "matchCriteriaId": "C1A3B951-A1F8-4291-82FA-AB7922D13ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D0EF4A3-2FE5-41E4-A764-30B379ECF081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF6D59E-8AEA-4380-B86B-0803B2202F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "140ABF28-FA39-4D77-AEB2-304962ED48C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
              "matchCriteriaId": "09473DD9-5114-44C5-B56C-6630FBEBCACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7ECD3A4-5A39-4222-8350-524F11D8FFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36C140D-E80C-479A-ADA7-18E901549059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "940712E9-B041-4B7F-BD02-7DD0AE596D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B887A2-9025-4C5B-8901-71BC63BF5293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33264586-7160-4550-9FF9-4101D72F5C9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5E6521-0611-4473-82AC-21655F10FEC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
              "matchCriteriaId": "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
              "matchCriteriaId": "8C83ABA2-87CD-429B-9800-590F8256B064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D9A576-2878-4AC4-AC95-E69CB8A84A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A1A0B02-CF33-401F-9AB2-D595E586C795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FB3825-21A6-4DBE-8188-67672DBE01CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "80623E58-8B46-4559-89A4-C329AACF3CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "AEE6C228-CD93-4636-868B-C19BC1674BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A645148C-AD0D-46C1-BEE3-10F5C9066279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02029D75-FAF2-4842-9246-079C7DE36417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0146341-364C-4085-A2E1-BC8C260FBA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8496E0D-2507-4C25-A122-0B846CBCA72A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E383F2A-DFCF-47F8-94EE-3563D41EA597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D87EF0-056E-4128-89EB-2803ED83DEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB3163C1-2044-44DA-9C88-076D75FDF1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E1B690-C58B-4C08-A757-F3DF451FDAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F0E14C-7681-4D1A-B982-A51E450B93A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC604680-2E9E-4DC4-ACDD-74D552A45BA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A94436-D092-4C7E-B87B-63BC621EE82E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "862165CF-3CFB-4C6E-8238-86FA85F243C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "056F3336-BAA8-4A03-90B4-7B31710FC1B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDC2510-FBB9-429A-B6D4-10AB11F93960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D45127E-A544-40A0-9D34-BD70D95C9772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C69C3E-C895-45C8-8182-7BB412A0C828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "B931D4F8-23F5-4ABA-A457-959995D30C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE6A023E-9C2A-487F-B5CE-674C766BFE75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A045971-8756-47E8-9044-C39D08B36F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA95881-7231-4FDA-AF73-04DF9FF0B64C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B7F6AD-EDBD-4B09-BDB2-795ED114F2AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F045AB7B-1551-46E5-A5CC-BF13C1BB49F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44E85930-3AAD-420B-8E3E-AEC57344F6C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52FD4485-BCA2-485A-A0CF-F8152C9DBFA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CF53BE4-FE2D-4D63-BD0F-A423D0FE3BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00993464-BE09-4691-B3F0-51BBA9FB80C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "896AB39E-2078-4BA2-9522-477BD5F98FD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9279EC-47CF-45F1-B4CC-B2B332E82E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7300C3E-8105-4C23-89B9-7D29CED18C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90C59DB2-48DA-4172-A1F5-25CF3B5097AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "715F4E0B-7E4B-4520-A987-9B3ED3136B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CA1F606-C558-40FD-9300-6E2796F47BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A037FAA6-6D26-4496-BC67-03475B4D1155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3831DD3-E783-4200-8986-FDBF7DD9BA53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "699764B6-0F86-4AB0-86A3-4F2E69AD820C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1B83F84-D1EF-43B4-8620-3C1BCCE44553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "41169D2F-4F16-466A-82E9-AD0735472B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "947699C3-D9DE-411A-99C0-44ADD1D2223A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F668C0-8420-4401-AB0F-479575596CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDCC7B6-34CA-4551-9833-306B93E517BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6D69C160-39F7-48B8-B9A3-CC86690453C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6420B-9F6A-48F4-A445-12B60A320347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
              "matchCriteriaId": "09F3FB7B-0F68-49F3-A3B7-977A687A42E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "088F2FF7-96E5-455E-A35B-D99F9854EC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
              "matchCriteriaId": "FFA721BF-1B2E-479F-BF25-02D441BF175B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
              "matchCriteriaId": "AFEDCE49-21CC-4168-818F-4C638EE3B077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
              "matchCriteriaId": "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1A5808-6D5D-48AD-9470-5A6510D17913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D09E11C-C5BB-409E-BB0D-7F351250419B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B06A05D-AA31-441D-9FC2-3558648C3B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0886901-6F93-44C1-B774-84D7E5D9554C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F203A80-7C1E-4A04-8E99-63525E176753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0A204C-158B-4014-A53C-75E0CD63E0DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "085BA581-7DA5-4FA4-A888-351281FD0A7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA1C4B3C-5701-4233-BA94-28915713F9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D9F8D7-698A-486A-918A-7DB5CAFBB3CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D125C2A0-A4B5-48D6-A38A-54755C3FDF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F85F672-0F21-4AD7-8620-13D82F2ECC22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "89070041-613A-4F7B-BD6A-C6091D21FC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9A71933-4BD5-4B11-8B14-D997E75F29CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B6BE11D-FC02-4950-A554-08CC9D8B1853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A53FD0E1-9BAA-43F0-BCC9-0BE8D4356F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80ADAE8-94D4-46A4-A5ED-FF134D808B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "69FA0221-5073-4D45-950F-119497B53FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4AE5B43-7C90-4C2A-A215-30F5EC5841C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CC1A110-B203-4962-8E1A-74BD98121AF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A92C4D-B024-4D39-9479-409C39586F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E0C4F5-CF02-4FF6-AE9B-5B6B70D5C067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E8998CC-E372-46D0-8339-47DC8D92D253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF131FDC-BF8D-4A17-99F0-444EB900E83D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "880811B3-E78E-456E-972E-DE733F368576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22411F18-2B93-405A-A3B5-2CF0A04977C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C71188B7-E6DC-41E5-B619-367341113501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "07491444-0196-4504-A971-A5E388B86BBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BC6CD2-3291-4E69-8DC6-F3AB853F8931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD43EDDF-58A7-4705-B8C7-FD76C35A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C2E603-568F-40F6-9A7C-439E2A51B37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "703421A7-E8C5-450B-97EF-FD9D99D4B834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "9519BCB2-B401-44CE-97F6-847BB36AE45F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE573E8-DD94-4293-99AE-27B9067B3ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14413DA-5199-4282-9E22-D347E9D8E469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF28C435-C036-4507-8E3F-44E722F9974A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F2CDFE7-6853-4A31-85C0-50C57A8D606A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
              "matchCriteriaId": "408A9DB0-81EF-4186-B338-44954E67289B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "303362A5-9C3C-4C85-8C97-2AB12CE01BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED22DC1-E06B-4511-B920-6DAB792262D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F757B2A7-869F-4702-81EB-466317A79D61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64AF1E33-4086-43E2-8F54-DA75A99D4B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D16F03-A4C7-4497-AB74-499F208FF059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A33EC1-836B-4C8C-AC18-B5BD4F90E612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n  do_change_cipher_spec en OpenSSL  0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (ca\u00edda) mediante una h\u00e1bil uni\u00f3n SSL/TLS que provoca un puntero nulo."
    }
  ],
  "id": "CVE-2004-0079",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2004-11-23T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/11139"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/17381"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/17398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/17401"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/18247"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-465"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/288574"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20040317.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9899"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.trustix.org/errata/2004/0012"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/11139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/17381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/17398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/17401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/18247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/288574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20040317.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.trustix.org/errata/2004/0012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
cve@mitre.orgftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
cve@mitre.orghttp://fedoranews.org/updates/FEDORA-2004-095.shtml
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107955049331965&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=108403850228012&w=2
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2004-119.html
cve@mitre.orghttp://secunia.com/advisories/11139
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200403-03.xml
cve@mitre.orghttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
cve@mitre.orghttp://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
cve@mitre.orghttp://www.debian.org/security/2004/dsa-465
cve@mitre.orghttp://www.kb.cert.org/vuls/id/465542Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-120.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-121.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-139.html
cve@mitre.orghttp://www.securityfocus.com/bid/9899Vendor Advisory
cve@mitre.orghttp://www.trustix.org/errata/2004/0012
cve@mitre.orghttp://www.uniras.gov.uk/vuls/2004/224012/index.htm
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA04-078A.htmlUS Government Resource
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15509
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/updates/FEDORA-2004-095.shtml
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107955049331965&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=108403850228012&w=2
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2004-119.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/11139
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200403-03.xml
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-465
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/465542Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-120.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-121.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-139.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9899Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2004/0012
af854a3a-2127-422b-91ae-364da2661108http://www.uniras.gov.uk/vuls/2004/224012/index.htm
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA04-078A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15509
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902
Impacted products
Vendor Product Version
cisco firewall_services_module *
cisco firewall_services_module 1.1.2
cisco firewall_services_module 1.1.3
cisco firewall_services_module 1.1_\(3.005\)
cisco firewall_services_module 2.1_\(0.208\)
hp aaa_server *
hp apache-based_web_server 2.0.43.00
hp apache-based_web_server 2.0.43.04
symantec clientless_vpn_gateway_4400 5.0
cisco ciscoworks_common_management_foundation 2.1
cisco ciscoworks_common_services 2.2
avaya converged_communications_server 2.0
avaya sg200 4.4
avaya sg200 4.31.29
avaya sg203 4.4
avaya sg203 4.31.29
avaya sg208 *
avaya sg208 4.4
avaya sg5 4.2
avaya sg5 4.3
avaya sg5 4.4
apple mac_os_x 10.3.3
apple mac_os_x_server 10.3.3
freebsd freebsd 4.8
freebsd freebsd 4.8
freebsd freebsd 4.9
freebsd freebsd 5.1
freebsd freebsd 5.1
freebsd freebsd 5.1
freebsd freebsd 5.2
freebsd freebsd 5.2.1
hp hp-ux 8.05
hp hp-ux 11.00
hp hp-ux 11.11
hp hp-ux 11.23
openbsd openbsd 3.3
openbsd openbsd 3.4
redhat enterprise_linux 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux_desktop 3.0
redhat linux 7.2
redhat linux 7.3
redhat linux 8.0
sco openserver 5.0.6
sco openserver 5.0.7
cisco ios 12.1\(11\)e
cisco ios 12.1\(11b\)e
cisco ios 12.1\(11b\)e12
cisco ios 12.1\(11b\)e14
cisco ios 12.1\(13\)e9
cisco ios 12.1\(19\)e1
cisco ios 12.2\(14\)sy
cisco ios 12.2\(14\)sy1
cisco ios 12.2sy
cisco ios 12.2za
4d webstar 4.0
4d webstar 5.2
4d webstar 5.2.1
4d webstar 5.2.2
4d webstar 5.2.3
4d webstar 5.2.4
4d webstar 5.3
4d webstar 5.3.1
avaya intuity_audix *
avaya intuity_audix 5.1.46
avaya intuity_audix s3210
avaya intuity_audix s3400
avaya vsu 5
avaya vsu 5x
avaya vsu 100_r2.0.1
avaya vsu 500
avaya vsu 2000_r2.0.1
avaya vsu 5000_r2.0.1
avaya vsu 7500_r2.0.1
avaya vsu 10000_r2.0.1
checkpoint firewall-1 *
checkpoint firewall-1 2.0
checkpoint firewall-1 next_generation_fp0
checkpoint firewall-1 next_generation_fp1
checkpoint firewall-1 next_generation_fp2
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint vpn-1 next_generation
checkpoint vpn-1 next_generation_fp0
checkpoint vpn-1 next_generation_fp1
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco access_registrar *
cisco application_and_content_networking_software *
cisco css_secure_content_accelerator 1.0
cisco css_secure_content_accelerator 2.0
cisco css11000_content_services_switch *
cisco okena_stormwatch 3.2
cisco pix_firewall 6.2.2_.111
cisco threat_response *
cisco webns 6.10
cisco webns 6.10_b4
cisco webns 7.1_0.1.02
cisco webns 7.1_0.2.06
cisco webns 7.2_0.0.03
cisco webns 7.10
cisco webns 7.10_.0.06s
dell bsafe_ssl-j 3.0
dell bsafe_ssl-j 3.0.1
dell bsafe_ssl-j 3.1
hp wbem a.01.05.08
hp wbem a.02.00.00
hp wbem a.02.00.01
lite speed_technologies_litespeed_web_server 1.0.1
lite speed_technologies_litespeed_web_server 1.0.2
lite speed_technologies_litespeed_web_server 1.0.3
lite speed_technologies_litespeed_web_server 1.1
lite speed_technologies_litespeed_web_server 1.1.1
lite speed_technologies_litespeed_web_server 1.2.1
lite speed_technologies_litespeed_web_server 1.2.2
lite speed_technologies_litespeed_web_server 1.2_rc1
lite speed_technologies_litespeed_web_server 1.2_rc2
lite speed_technologies_litespeed_web_server 1.3
lite speed_technologies_litespeed_web_server 1.3.1
lite speed_technologies_litespeed_web_server 1.3_rc1
lite speed_technologies_litespeed_web_server 1.3_rc2
lite speed_technologies_litespeed_web_server 1.3_rc3
neoteris instant_virtual_extranet 3.0
neoteris instant_virtual_extranet 3.1
neoteris instant_virtual_extranet 3.2
neoteris instant_virtual_extranet 3.3
neoteris instant_virtual_extranet 3.3.1
novell edirectory 8.0
novell edirectory 8.5
novell edirectory 8.5.12a
novell edirectory 8.5.27
novell edirectory 8.6.2
novell edirectory 8.7
novell edirectory 8.7.1
novell edirectory 8.7.1
novell imanager 1.5
novell imanager 2.0
openssl openssl 0.9.6c
openssl openssl 0.9.6d
openssl openssl 0.9.6e
openssl openssl 0.9.6f
openssl openssl 0.9.6g
openssl openssl 0.9.6h
openssl openssl 0.9.6i
openssl openssl 0.9.6j
openssl openssl 0.9.6k
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7a
openssl openssl 0.9.7b
openssl openssl 0.9.7c
redhat openssl 0.9.6-15
redhat openssl 0.9.6b-3
redhat openssl 0.9.7a-2
redhat openssl 0.9.7a-2
redhat openssl 0.9.7a-2
sgi propack 2.3
sgi propack 2.4
sgi propack 3.0
stonesoft servercluster 2.5
stonesoft servercluster 2.5.2
stonesoft stonebeat_fullcluster 1_2.0
stonesoft stonebeat_fullcluster 1_3.0
stonesoft stonebeat_fullcluster 2.0
stonesoft stonebeat_fullcluster 2.5
stonesoft stonebeat_fullcluster 3.0
stonesoft stonebeat_securitycluster 2.0
stonesoft stonebeat_securitycluster 2.5
stonesoft stonebeat_webcluster 2.0
stonesoft stonebeat_webcluster 2.5
stonesoft stonegate 1.5.17
stonesoft stonegate 1.5.18
stonesoft stonegate 1.6.2
stonesoft stonegate 1.6.3
stonesoft stonegate 1.7
stonesoft stonegate 1.7.1
stonesoft stonegate 1.7.2
stonesoft stonegate 2.0.1
stonesoft stonegate 2.0.4
stonesoft stonegate 2.0.5
stonesoft stonegate 2.0.6
stonesoft stonegate 2.0.7
stonesoft stonegate 2.0.8
stonesoft stonegate 2.0.9
stonesoft stonegate 2.1
stonesoft stonegate 2.2
stonesoft stonegate 2.2.1
stonesoft stonegate 2.2.4
stonesoft stonegate_vpn_client 1.7
stonesoft stonegate_vpn_client 1.7.2
stonesoft stonegate_vpn_client 2.0
stonesoft stonegate_vpn_client 2.0.7
stonesoft stonegate_vpn_client 2.0.8
stonesoft stonegate_vpn_client 2.0.9
tarantella tarantella_enterprise 3.20
tarantella tarantella_enterprise 3.30
tarantella tarantella_enterprise 3.40
vmware gsx_server 2.0
vmware gsx_server 2.0.1_build_2129
vmware gsx_server 2.5.1
vmware gsx_server 2.5.1_build_5336
vmware gsx_server 3.0_build_7592
avaya s8300 r2.0.0
avaya s8300 r2.0.1
avaya s8500 r2.0.0
avaya s8500 r2.0.1
avaya s8700 r2.0.0
avaya s8700 r2.0.1
bluecoat proxysg *
cisco call_manager *
cisco content_services_switch_11500 *
cisco gss_4480_global_site_selector *
cisco gss_4490_global_site_selector *
cisco mds_9000 *
cisco secure_content_accelerator 10000
securecomputing sidewinder 5.2
securecomputing sidewinder 5.2.0.01
securecomputing sidewinder 5.2.0.02
securecomputing sidewinder 5.2.0.03
securecomputing sidewinder 5.2.0.04
securecomputing sidewinder 5.2.1
securecomputing sidewinder 5.2.1.02
sun crypto_accelerator_4000 1.0
bluecoat cacheos_ca_sa 4.1.10
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.0
cisco pix_firewall_software 6.0\(1\)
cisco pix_firewall_software 6.0\(2\)
cisco pix_firewall_software 6.0\(3\)
cisco pix_firewall_software 6.0\(4\)
cisco pix_firewall_software 6.0\(4.101\)
cisco pix_firewall_software 6.1
cisco pix_firewall_software 6.1\(1\)
cisco pix_firewall_software 6.1\(2\)
cisco pix_firewall_software 6.1\(3\)
cisco pix_firewall_software 6.1\(4\)
cisco pix_firewall_software 6.1\(5\)
cisco pix_firewall_software 6.2
cisco pix_firewall_software 6.2\(1\)
cisco pix_firewall_software 6.2\(2\)
cisco pix_firewall_software 6.2\(3\)
cisco pix_firewall_software 6.2\(3.100\)
cisco pix_firewall_software 6.3
cisco pix_firewall_software 6.3\(1\)
cisco pix_firewall_software 6.3\(2\)
cisco pix_firewall_software 6.3\(3.102\)
cisco pix_firewall_software 6.3\(3.109\)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9CAFC15-178C-4176-9668-D4A04B63E77B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C8D6949-89F4-40EF-98F4-8D15628DC345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6479D85C-1A12-486D-818C-6679F415CA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "287CF5FA-D0EC-4FD7-9718-973587EF34DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88168D4-7DB5-4720-8640-400BB680D0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "968915A1-375B-4C69-BE11-9A393F7F1B0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11465DCA-72E5-40E9-9D8E-B3CD470C47E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4C5F60-B32D-4D85-BA28-AE11972ED614",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A5935C3-3D83-461F-BC26-E03362115C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "80AC523B-3106-46F2-B760-803DCF8061F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B8D6F3-D15D-489F-A807-17E63F4831F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "808189BA-197F-49CE-933E-A728F395749C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7EF0CD-EA39-457B-8E2E-9120B65A5835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BC2983F-5212-464B-AC21-8A897DEC1F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBF17989-D1F2-4B04-80BD-CFABDD482ABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
              "matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
              "matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
              "matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
              "matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "32310AFE-38CC-4C6C-AE13-54C18720F2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
              "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E140F76-D078-4F58-89CF-3278CDCB9AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D76A8D-832B-411E-A458-186733C66010",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF29685-7FFC-4093-A1D4-21E4871AF5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E72872C9-63AF-417F-BFAE-92B4D350C006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
              "matchCriteriaId": "80BCF196-5E5A-4F31-BCE7-AA0C748CA922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "970939C5-1E6F-47B6-97E6-7B2C1E019985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1F4148-E772-4708-8C1F-D67F969C11DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
              "matchCriteriaId": "09458CD7-D430-4957-8506-FAB2A3E2AA65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
              "matchCriteriaId": "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B87C95-4B34-4628-AD03-67D1DE13E097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F04471C-732F-44EE-AD1B-6305C1DD7DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E237919A-416B-4039-AAD2-7FAE1F4E100D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "39149924-188C-40C1-B598-A9CD407C90DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6501108-5455-48FE-AA82-37AFA5D7EC24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
              "matchCriteriaId": "C1A3B951-A1F8-4291-82FA-AB7922D13ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D0EF4A3-2FE5-41E4-A764-30B379ECF081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF6D59E-8AEA-4380-B86B-0803B2202F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "140ABF28-FA39-4D77-AEB2-304962ED48C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
              "matchCriteriaId": "09473DD9-5114-44C5-B56C-6630FBEBCACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7ECD3A4-5A39-4222-8350-524F11D8FFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36C140D-E80C-479A-ADA7-18E901549059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "940712E9-B041-4B7F-BD02-7DD0AE596D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B887A2-9025-4C5B-8901-71BC63BF5293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33264586-7160-4550-9FF9-4101D72F5C9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5E6521-0611-4473-82AC-21655F10FEC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
              "matchCriteriaId": "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
              "matchCriteriaId": "8C83ABA2-87CD-429B-9800-590F8256B064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D9A576-2878-4AC4-AC95-E69CB8A84A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A1A0B02-CF33-401F-9AB2-D595E586C795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FB3825-21A6-4DBE-8188-67672DBE01CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "80623E58-8B46-4559-89A4-C329AACF3CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "AEE6C228-CD93-4636-868B-C19BC1674BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A645148C-AD0D-46C1-BEE3-10F5C9066279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation:*:*:*:*:*:*:*",
              "matchCriteriaId": "C48F4DF4-8091-45D0-9F80-F760500B1202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02029D75-FAF2-4842-9246-079C7DE36417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8496E0D-2507-4C25-A122-0B846CBCA72A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E383F2A-DFCF-47F8-94EE-3563D41EA597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D87EF0-056E-4128-89EB-2803ED83DEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB3163C1-2044-44DA-9C88-076D75FDF1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E1B690-C58B-4C08-A757-F3DF451FDAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F0E14C-7681-4D1A-B982-A51E450B93A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC604680-2E9E-4DC4-ACDD-74D552A45BA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A94436-D092-4C7E-B87B-63BC621EE82E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "862165CF-3CFB-4C6E-8238-86FA85F243C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "056F3336-BAA8-4A03-90B4-7B31710FC1B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDC2510-FBB9-429A-B6D4-10AB11F93960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D45127E-A544-40A0-9D34-BD70D95C9772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C69C3E-C895-45C8-8182-7BB412A0C828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "B931D4F8-23F5-4ABA-A457-959995D30C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE6A023E-9C2A-487F-B5CE-674C766BFE75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A045971-8756-47E8-9044-C39D08B36F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA95881-7231-4FDA-AF73-04DF9FF0B64C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B7F6AD-EDBD-4B09-BDB2-795ED114F2AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F045AB7B-1551-46E5-A5CC-BF13C1BB49F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44E85930-3AAD-420B-8E3E-AEC57344F6C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52FD4485-BCA2-485A-A0CF-F8152C9DBFA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CF53BE4-FE2D-4D63-BD0F-A423D0FE3BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00993464-BE09-4691-B3F0-51BBA9FB80C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "896AB39E-2078-4BA2-9522-477BD5F98FD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9279EC-47CF-45F1-B4CC-B2B332E82E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7300C3E-8105-4C23-89B9-7D29CED18C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90C59DB2-48DA-4172-A1F5-25CF3B5097AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "715F4E0B-7E4B-4520-A987-9B3ED3136B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CA1F606-C558-40FD-9300-6E2796F47BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A037FAA6-6D26-4496-BC67-03475B4D1155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3831DD3-E783-4200-8986-FDBF7DD9BA53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "699764B6-0F86-4AB0-86A3-4F2E69AD820C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1B83F84-D1EF-43B4-8620-3C1BCCE44553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "41169D2F-4F16-466A-82E9-AD0735472B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "947699C3-D9DE-411A-99C0-44ADD1D2223A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F668C0-8420-4401-AB0F-479575596CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDCC7B6-34CA-4551-9833-306B93E517BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6D69C160-39F7-48B8-B9A3-CC86690453C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6420B-9F6A-48F4-A445-12B60A320347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
              "matchCriteriaId": "09F3FB7B-0F68-49F3-A3B7-977A687A42E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "088F2FF7-96E5-455E-A35B-D99F9854EC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
              "matchCriteriaId": "FFA721BF-1B2E-479F-BF25-02D441BF175B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
              "matchCriteriaId": "AFEDCE49-21CC-4168-818F-4C638EE3B077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
              "matchCriteriaId": "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1A5808-6D5D-48AD-9470-5A6510D17913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D09E11C-C5BB-409E-BB0D-7F351250419B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B06A05D-AA31-441D-9FC2-3558648C3B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0886901-6F93-44C1-B774-84D7E5D9554C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F203A80-7C1E-4A04-8E99-63525E176753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0A204C-158B-4014-A53C-75E0CD63E0DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "085BA581-7DA5-4FA4-A888-351281FD0A7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA1C4B3C-5701-4233-BA94-28915713F9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D9F8D7-698A-486A-918A-7DB5CAFBB3CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D125C2A0-A4B5-48D6-A38A-54755C3FDF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F85F672-0F21-4AD7-8620-13D82F2ECC22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "89070041-613A-4F7B-BD6A-C6091D21FC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9A71933-4BD5-4B11-8B14-D997E75F29CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B6BE11D-FC02-4950-A554-08CC9D8B1853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A53FD0E1-9BAA-43F0-BCC9-0BE8D4356F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80ADAE8-94D4-46A4-A5ED-FF134D808B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "69FA0221-5073-4D45-950F-119497B53FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4AE5B43-7C90-4C2A-A215-30F5EC5841C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CC1A110-B203-4962-8E1A-74BD98121AF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A92C4D-B024-4D39-9479-409C39586F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E0C4F5-CF02-4FF6-AE9B-5B6B70D5C067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E8998CC-E372-46D0-8339-47DC8D92D253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF131FDC-BF8D-4A17-99F0-444EB900E83D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "880811B3-E78E-456E-972E-DE733F368576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22411F18-2B93-405A-A3B5-2CF0A04977C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C71188B7-E6DC-41E5-B619-367341113501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "07491444-0196-4504-A971-A5E388B86BBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BC6CD2-3291-4E69-8DC6-F3AB853F8931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD43EDDF-58A7-4705-B8C7-FD76C35A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C2E603-568F-40F6-9A7C-439E2A51B37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "703421A7-E8C5-450B-97EF-FD9D99D4B834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "9519BCB2-B401-44CE-97F6-847BB36AE45F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE573E8-DD94-4293-99AE-27B9067B3ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14413DA-5199-4282-9E22-D347E9D8E469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF28C435-C036-4507-8E3F-44E722F9974A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F2CDFE7-6853-4A31-85C0-50C57A8D606A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
              "matchCriteriaId": "408A9DB0-81EF-4186-B338-44954E67289B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "303362A5-9C3C-4C85-8C97-2AB12CE01BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED22DC1-E06B-4511-B920-6DAB792262D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F757B2A7-869F-4702-81EB-466317A79D61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64AF1E33-4086-43E2-8F54-DA75A99D4B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D16F03-A4C7-4497-AB74-499F208FF059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A33EC1-836B-4C8C-AC18-B5BD4F90E612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
    },
    {
      "lang": "es",
      "value": "OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS."
    }
  ],
  "id": "CVE-2004-0081",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-11-23T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/11139"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-465"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/465542"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9899"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2004/0012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/11139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/465542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2004/0012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
References
cve@mitre.orgftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.ascBroken Link
cve@mitre.orgftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txtBroken Link
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834Broken Link
cve@mitre.orghttp://docs.info.apple.com/article.html?artnum=61798Broken Link
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlMailing List
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlMailing List
cve@mitre.orghttp://lists.apple.com/mhonarc/security-announce/msg00045.htmlBroken Link
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107953412903636&w=2Mailing List, Third Party Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=108403806509920&w=2Mailing List, Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/11139Broken Link
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200403-03.xmlThird Party Advisory
cve@mitre.orghttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524Broken Link
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/o-101.shtmlBroken Link
cve@mitre.orghttp://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtmlBroken Link
cve@mitre.orghttp://www.kb.cert.org/vuls/id/484726Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:023Third Party Advisory
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_07_openssl.htmlBroken Link
cve@mitre.orghttp://www.openssl.org/news/secadv_20040317.txtBroken Link
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-120.htmlBroken Link
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-121.htmlBroken Link
cve@mitre.orghttp://www.securityfocus.com/bid/9899Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
cve@mitre.orghttp://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961Broken Link
cve@mitre.orghttp://www.trustix.org/errata/2004/0012Broken Link
cve@mitre.orghttp://www.uniras.gov.uk/vuls/2004/224012/index.htmBroken Link
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA04-078A.htmlBroken Link, Third Party Advisory, US Government Resource
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15508Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049Broken Link
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928Broken Link
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580Broken Link
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.ascBroken Link
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txtBroken Link
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834Broken Link
af854a3a-2127-422b-91ae-364da2661108http://docs.info.apple.com/article.html?artnum=61798Broken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/mhonarc/security-announce/msg00045.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107953412903636&w=2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=108403806509920&w=2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/11139Broken Link
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200403-03.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/o-101.shtmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/484726Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:023Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_07_openssl.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openssl.org/news/secadv_20040317.txtBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-120.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-121.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9899Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2004/0012Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.uniras.gov.uk/vuls/2004/224012/index.htmBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA04-078A.htmlBroken Link, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15508Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049Broken Link
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928Broken Link
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580Broken Link
Impacted products
Vendor Product Version
cisco firewall_services_module *
cisco firewall_services_module 1.1.2
cisco firewall_services_module 1.1.3
cisco firewall_services_module 1.1_\(3.005\)
cisco firewall_services_module 2.1_\(0.208\)
hp aaa_server *
hp apache-based_web_server 2.0.43.00
hp apache-based_web_server 2.0.43.04
symantec clientless_vpn_gateway_4400 5.0
cisco ciscoworks_common_management_foundation 2.1
cisco ciscoworks_common_services 2.2
avaya converged_communications_server 2.0
avaya sg200 4.4
avaya sg200 4.31.29
avaya sg203 4.4
avaya sg203 4.31.29
avaya sg208 *
avaya sg208 4.4
avaya sg5 4.2
avaya sg5 4.3
avaya sg5 4.4
apple mac_os_x 10.3.3
apple mac_os_x_server 10.3.3
freebsd freebsd 4.8
freebsd freebsd 4.8
freebsd freebsd 4.9
freebsd freebsd 5.1
freebsd freebsd 5.1
freebsd freebsd 5.1
freebsd freebsd 5.2
freebsd freebsd 5.2.1
hp hp-ux 8.05
hp hp-ux 11.00
hp hp-ux 11.11
hp hp-ux 11.23
openbsd openbsd 3.3
openbsd openbsd 3.4
redhat enterprise_linux 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux_desktop 3.0
redhat linux 7.2
redhat linux 7.3
redhat linux 8.0
sco openserver 5.0.6
sco openserver 5.0.7
cisco ios 12.1\(11\)e
cisco ios 12.1\(11b\)e
cisco ios 12.1\(11b\)e12
cisco ios 12.1\(11b\)e14
cisco ios 12.1\(13\)e9
cisco ios 12.1\(19\)e1
cisco ios 12.2\(14\)sy
cisco ios 12.2\(14\)sy1
cisco ios 12.2sy
cisco ios 12.2za
4d webstar 4.0
4d webstar 5.2
4d webstar 5.2.1
4d webstar 5.2.2
4d webstar 5.2.3
4d webstar 5.2.4
4d webstar 5.3
4d webstar 5.3.1
avaya intuity_audix *
avaya intuity_audix 5.1.46
avaya intuity_audix s3210
avaya intuity_audix s3400
avaya vsu 5
avaya vsu 5x
avaya vsu 100_r2.0.1
avaya vsu 500
avaya vsu 2000_r2.0.1
avaya vsu 5000_r2.0.1
avaya vsu 7500_r2.0.1
avaya vsu 10000_r2.0.1
checkpoint firewall-1 *
checkpoint firewall-1 2.0
checkpoint firewall-1 next_generation_fp0
checkpoint firewall-1 next_generation_fp1
checkpoint firewall-1 next_generation_fp2
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint provider-1 4.1
checkpoint vpn-1 next_generation_fp0
checkpoint vpn-1 next_generation_fp1
checkpoint vpn-1 next_generation_fp2
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco access_registrar *
cisco application_and_content_networking_software *
cisco css_secure_content_accelerator 1.0
cisco css_secure_content_accelerator 2.0
cisco css11000_content_services_switch *
cisco okena_stormwatch 3.2
cisco pix_firewall 6.2.2_.111
cisco threat_response *
cisco webns 6.10
cisco webns 6.10_b4
cisco webns 7.1_0.1.02
cisco webns 7.1_0.2.06
cisco webns 7.2_0.0.03
cisco webns 7.10
cisco webns 7.10_.0.06s
dell bsafe_ssl-j 3.0
dell bsafe_ssl-j 3.0.1
dell bsafe_ssl-j 3.1
forcepoint stonegate 1.5.17
forcepoint stonegate 1.5.18
forcepoint stonegate 1.6.2
forcepoint stonegate 1.6.3
forcepoint stonegate 1.7
forcepoint stonegate 1.7.1
forcepoint stonegate 1.7.2
forcepoint stonegate 2.0.1
forcepoint stonegate 2.0.4
forcepoint stonegate 2.0.5
forcepoint stonegate 2.0.6
forcepoint stonegate 2.0.7
forcepoint stonegate 2.0.8
forcepoint stonegate 2.0.9
forcepoint stonegate 2.1
forcepoint stonegate 2.2
forcepoint stonegate 2.2.1
forcepoint stonegate 2.2.4
hp wbem a.01.05.08
hp wbem a.02.00.00
hp wbem a.02.00.01
litespeedtech litespeed_web_server 1.0.1
litespeedtech litespeed_web_server 1.0.2
litespeedtech litespeed_web_server 1.0.3
litespeedtech litespeed_web_server 1.1
litespeedtech litespeed_web_server 1.1.1
litespeedtech litespeed_web_server 1.2
litespeedtech litespeed_web_server 1.2
litespeedtech litespeed_web_server 1.2.1
litespeedtech litespeed_web_server 1.2.2
litespeedtech litespeed_web_server 1.3
litespeedtech litespeed_web_server 1.3
litespeedtech litespeed_web_server 1.3
litespeedtech litespeed_web_server 1.3
neoteris instant_virtual_extranet 3.0
neoteris instant_virtual_extranet 3.1
neoteris instant_virtual_extranet 3.2
neoteris instant_virtual_extranet 3.3
neoteris instant_virtual_extranet 3.3.1
novell edirectory 8.0
novell edirectory 8.5
novell edirectory 8.5.12a
novell edirectory 8.5.27
novell edirectory 8.6.2
novell edirectory 8.7
novell edirectory 8.7.1
novell edirectory 8.7.1
novell imanager 1.5
novell imanager 2.0
openssl openssl 0.9.6c
openssl openssl 0.9.6d
openssl openssl 0.9.6e
openssl openssl 0.9.6f
openssl openssl 0.9.6g
openssl openssl 0.9.6h
openssl openssl 0.9.6i
openssl openssl 0.9.6j
openssl openssl 0.9.6k
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7
openssl openssl 0.9.7a
openssl openssl 0.9.7b
openssl openssl 0.9.7c
redhat openssl 0.9.6-15
redhat openssl 0.9.6b-3
redhat openssl 0.9.7a-2
redhat openssl 0.9.7a-2
redhat openssl 0.9.7a-2
sgi propack 2.3
sgi propack 2.4
sgi propack 3.0
stonesoft servercluster 2.5
stonesoft servercluster 2.5.2
stonesoft stonebeat_fullcluster 1_2.0
stonesoft stonebeat_fullcluster 1_3.0
stonesoft stonebeat_fullcluster 2.0
stonesoft stonebeat_fullcluster 2.5
stonesoft stonebeat_fullcluster 3.0
stonesoft stonebeat_securitycluster 2.0
stonesoft stonebeat_securitycluster 2.5
stonesoft stonebeat_webcluster 2.0
stonesoft stonebeat_webcluster 2.5
tarantella tarantella_enterprise 3.20
tarantella tarantella_enterprise 3.30
tarantella tarantella_enterprise 3.40
vmware gsx_server 2.0
vmware gsx_server 2.0.1_build_2129
vmware gsx_server 2.5.1
vmware gsx_server 2.5.1_build_5336
vmware gsx_server 3.0_build_7592
avaya s8300 r2.0.0
avaya s8300 r2.0.1
avaya s8500 r2.0.0
avaya s8500 r2.0.1
avaya s8700 r2.0.0
avaya s8700 r2.0.1
bluecoat proxysg *
cisco call_manager *
cisco content_services_switch_11500 *
cisco gss_4480_global_site_selector *
cisco gss_4490_global_site_selector *
cisco mds_9000 *
cisco secure_content_accelerator 10000
securecomputing sidewinder 5.2
securecomputing sidewinder 5.2.0.01
securecomputing sidewinder 5.2.0.02
securecomputing sidewinder 5.2.0.03
securecomputing sidewinder 5.2.0.04
securecomputing sidewinder 5.2.1
securecomputing sidewinder 5.2.1.02
sun crypto_accelerator_4000 1.0
bluecoat cacheos_ca_sa 4.1.10
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.0
cisco pix_firewall_software 6.0\(1\)
cisco pix_firewall_software 6.0\(2\)
cisco pix_firewall_software 6.0\(3\)
cisco pix_firewall_software 6.0\(4\)
cisco pix_firewall_software 6.0\(4.101\)
cisco pix_firewall_software 6.1
cisco pix_firewall_software 6.1\(1\)
cisco pix_firewall_software 6.1\(2\)
cisco pix_firewall_software 6.1\(3\)
cisco pix_firewall_software 6.1\(4\)
cisco pix_firewall_software 6.1\(5\)
cisco pix_firewall_software 6.2
cisco pix_firewall_software 6.2\(1\)
cisco pix_firewall_software 6.2\(2\)
cisco pix_firewall_software 6.2\(3\)
cisco pix_firewall_software 6.2\(3.100\)
cisco pix_firewall_software 6.3
cisco pix_firewall_software 6.3\(1\)
cisco pix_firewall_software 6.3\(2\)
cisco pix_firewall_software 6.3\(3.102\)
cisco pix_firewall_software 6.3\(3.109\)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9CAFC15-178C-4176-9668-D4A04B63E77B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C8D6949-89F4-40EF-98F4-8D15628DC345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6479D85C-1A12-486D-818C-6679F415CA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "287CF5FA-D0EC-4FD7-9718-973587EF34DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88168D4-7DB5-4720-8640-400BB680D0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "968915A1-375B-4C69-BE11-9A393F7F1B0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11465DCA-72E5-40E9-9D8E-B3CD470C47E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4C5F60-B32D-4D85-BA28-AE11972ED614",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A5935C3-3D83-461F-BC26-E03362115C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "80AC523B-3106-46F2-B760-803DCF8061F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B8D6F3-D15D-489F-A807-17E63F4831F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "808189BA-197F-49CE-933E-A728F395749C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7EF0CD-EA39-457B-8E2E-9120B65A5835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BC2983F-5212-464B-AC21-8A897DEC1F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBF17989-D1F2-4B04-80BD-CFABDD482ABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
              "matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
              "matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
              "matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
              "matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "32310AFE-38CC-4C6C-AE13-54C18720F2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
              "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E140F76-D078-4F58-89CF-3278CDCB9AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D76A8D-832B-411E-A458-186733C66010",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF29685-7FFC-4093-A1D4-21E4871AF5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E72872C9-63AF-417F-BFAE-92B4D350C006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
              "matchCriteriaId": "80BCF196-5E5A-4F31-BCE7-AA0C748CA922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "970939C5-1E6F-47B6-97E6-7B2C1E019985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1F4148-E772-4708-8C1F-D67F969C11DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
              "matchCriteriaId": "09458CD7-D430-4957-8506-FAB2A3E2AA65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
              "matchCriteriaId": "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B87C95-4B34-4628-AD03-67D1DE13E097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F04471C-732F-44EE-AD1B-6305C1DD7DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E237919A-416B-4039-AAD2-7FAE1F4E100D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "39149924-188C-40C1-B598-A9CD407C90DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6501108-5455-48FE-AA82-37AFA5D7EC24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
              "matchCriteriaId": "C1A3B951-A1F8-4291-82FA-AB7922D13ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D0EF4A3-2FE5-41E4-A764-30B379ECF081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF6D59E-8AEA-4380-B86B-0803B2202F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "140ABF28-FA39-4D77-AEB2-304962ED48C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
              "matchCriteriaId": "09473DD9-5114-44C5-B56C-6630FBEBCACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7ECD3A4-5A39-4222-8350-524F11D8FFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36C140D-E80C-479A-ADA7-18E901549059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "940712E9-B041-4B7F-BD02-7DD0AE596D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B887A2-9025-4C5B-8901-71BC63BF5293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33264586-7160-4550-9FF9-4101D72F5C9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5E6521-0611-4473-82AC-21655F10FEC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
              "matchCriteriaId": "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
              "matchCriteriaId": "8C83ABA2-87CD-429B-9800-590F8256B064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D9A576-2878-4AC4-AC95-E69CB8A84A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A1A0B02-CF33-401F-9AB2-D595E586C795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FB3825-21A6-4DBE-8188-67672DBE01CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "80623E58-8B46-4559-89A4-C329AACF3CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "AEE6C228-CD93-4636-868B-C19BC1674BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A645148C-AD0D-46C1-BEE3-10F5C9066279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02029D75-FAF2-4842-9246-079C7DE36417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0146341-364C-4085-A2E1-BC8C260FBA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8496E0D-2507-4C25-A122-0B846CBCA72A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E383F2A-DFCF-47F8-94EE-3563D41EA597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D87EF0-056E-4128-89EB-2803ED83DEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB3163C1-2044-44DA-9C88-076D75FDF1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E1B690-C58B-4C08-A757-F3DF451FDAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F0E14C-7681-4D1A-B982-A51E450B93A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC604680-2E9E-4DC4-ACDD-74D552A45BA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A94436-D092-4C7E-B87B-63BC621EE82E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "862165CF-3CFB-4C6E-8238-86FA85F243C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "056F3336-BAA8-4A03-90B4-7B31710FC1B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDC2510-FBB9-429A-B6D4-10AB11F93960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D45127E-A544-40A0-9D34-BD70D95C9772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C69C3E-C895-45C8-8182-7BB412A0C828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:1.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2AD44D-3BE8-4541-B62D-9F01D46F8E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:1.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BF2E08B-9046-41A1-BEDE-EB0B6436315C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "811E1BE8-3868-49F8-B6E8-D5705559B02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D67C9DB4-E46C-4E84-82D9-AF48EFDAEFBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF0E1BF0-6629-40DC-AB23-0256BABD0CB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AC4E7E5-FCC1-46B0-B69F-F1F6B36838ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4AED89-F862-4071-8E94-481A59EDAE8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A3CB6FF-3840-4E80-A0A4-614D6686D2B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67010B0B-ECE7-4EE5-B103-05DC637E150F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1355EF99-35FC-44A7-BC56-F7C0EA49BF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA8F10-B059-4403-A790-EFC8822588B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06BCD31-3FB6-468B-9BC9-EA573717B19F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "360238CC-3BF5-4750-B16D-8A2E0257022E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C55C754-E213-4E79-AA7B-2CAF8A464388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BA524-5A79-408C-BBF2-5780BC522B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D599C49D-4D7D-4C44-9D8D-A3F76746BBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B4DC717-0785-4C19-8A33-ACA5F378DF3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:forcepoint:stonegate:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "858843D3-84BB-48B6-80D1-1271AE60150D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "B931D4F8-23F5-4ABA-A457-959995D30C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE6A023E-9C2A-487F-B5CE-674C766BFE75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A7B80E0-40BB-4B4E-9711-AF293A038DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFCFFE8-9CAD-4A7F-9751-8627E6297C9F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3653856-207E-46A7-92DD-D7F377F1829A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4627BB-0D75-44BC-989F-0E85C9FA0E2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19053434-F9E7-4839-AB5A-B226CC4616A5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D04CABBA-7BEB-44EC-A6E4-A31E41A62BD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8D15C938-4DAB-4011-80EE-A2663E20BFC1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C056ED-2492-4B1C-BCB9-4F36806C4A48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A72FC232-A2CB-443B-9A4A-8BBFEFE6517C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "BA347CD3-0619-4EA2-A736-B59EE9E3AC12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4ACEF29C-3225-43A7-9E07-FBCCF555887E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "46D932AF-FB1A-464D-BA3D-2DC2D3C187CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9F532860-9E26-45C3-9FB3-6B0888F1279A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A037FAA6-6D26-4496-BC67-03475B4D1155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3831DD3-E783-4200-8986-FDBF7DD9BA53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "699764B6-0F86-4AB0-86A3-4F2E69AD820C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1B83F84-D1EF-43B4-8620-3C1BCCE44553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "41169D2F-4F16-466A-82E9-AD0735472B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "947699C3-D9DE-411A-99C0-44ADD1D2223A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F668C0-8420-4401-AB0F-479575596CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDCC7B6-34CA-4551-9833-306B93E517BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6D69C160-39F7-48B8-B9A3-CC86690453C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6420B-9F6A-48F4-A445-12B60A320347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
              "matchCriteriaId": "09F3FB7B-0F68-49F3-A3B7-977A687A42E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "088F2FF7-96E5-455E-A35B-D99F9854EC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
              "matchCriteriaId": "FFA721BF-1B2E-479F-BF25-02D441BF175B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
              "matchCriteriaId": "AFEDCE49-21CC-4168-818F-4C638EE3B077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
              "matchCriteriaId": "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1A5808-6D5D-48AD-9470-5A6510D17913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D09E11C-C5BB-409E-BB0D-7F351250419B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B06A05D-AA31-441D-9FC2-3558648C3B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0886901-6F93-44C1-B774-84D7E5D9554C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F203A80-7C1E-4A04-8E99-63525E176753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0A204C-158B-4014-A53C-75E0CD63E0DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "085BA581-7DA5-4FA4-A888-351281FD0A7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "9519BCB2-B401-44CE-97F6-847BB36AE45F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE573E8-DD94-4293-99AE-27B9067B3ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14413DA-5199-4282-9E22-D347E9D8E469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF28C435-C036-4507-8E3F-44E722F9974A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F2CDFE7-6853-4A31-85C0-50C57A8D606A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
              "matchCriteriaId": "408A9DB0-81EF-4186-B338-44954E67289B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "303362A5-9C3C-4C85-8C97-2AB12CE01BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED22DC1-E06B-4511-B920-6DAB792262D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F757B2A7-869F-4702-81EB-466317A79D61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64AF1E33-4086-43E2-8F54-DA75A99D4B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D16F03-A4C7-4497-AB74-499F208FF059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A33EC1-836B-4C8C-AC18-B5BD4F90E612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
    },
    {
      "lang": "es",
      "value": "El c\u00f3digo que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2004-0112",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-11-23T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/11139"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/484726"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.openssl.org/news/secadv_20040317.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9899"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.trustix.org/errata/2004/0012"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/11139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/484726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.openssl.org/news/secadv_20040317.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.trustix.org/errata/2004/0012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-1387 (GCVE-0-2009-1387)
Vulnerability from cvelistv5
Published
2009-06-04 16:00
Modified
2024-08-07 05:13
Severity ?
CWE
  • n/a
Summary
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
References
http://secunia.com/advisories/38794 third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2010/000082.html mailing-list, x_refsource_MLIST
http://cvs.openssl.org/chngview?cn=17958 x_refsource_CONFIRM
http://secunia.com/advisories/35729 third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200912-01.xml vendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2009/06/02/1 mailing-list, x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2009-1335.html vendor-advisory, x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/37003 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/36533 third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-792-1 vendor-advisory, x_refsource_UBUNTU
http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592 vdb-entry, signature, x_refsource_OVAL
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html x_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc vendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/38834 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35685 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35571 third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740 vdb-entry, signature, x_refsource_OVAL
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net x_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2010/0528 vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=17958"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "HPSBMA02492",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "37003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37003"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "USN-792-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-792-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "oval:org.mitre.oval:def:7592",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
          },
          {
            "name": "NetBSD-SA2009-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "35685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35685"
          },
          {
            "name": "35571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35571"
          },
          {
            "name": "SUSE-SR:2009:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10740",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
          },
          {
            "name": "SSRT100079",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=17958"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "name": "HPSBMA02492",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "37003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37003"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "name": "USN-792-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-792-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "oval:org.mitre.oval:def:7592",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
        },
        {
          "name": "NetBSD-SA2009-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "35685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35685"
        },
        {
          "name": "35571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35571"
        },
        {
          "name": "SUSE-SR:2009:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10740",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
        },
        {
          "name": "SSRT100079",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-1387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38794",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38794"
            },
            {
              "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=17958",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=17958"
            },
            {
              "name": "35729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35729"
            },
            {
              "name": "GLSA-200912-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
            },
            {
              "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
            },
            {
              "name": "RHSA-2009:1335",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
            },
            {
              "name": "HPSBMA02492",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
            },
            {
              "name": "37003",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37003"
            },
            {
              "name": "36533",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36533"
            },
            {
              "name": "USN-792-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-792-1"
            },
            {
              "name": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest",
              "refsource": "CONFIRM",
              "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest"
            },
            {
              "name": "oval:org.mitre.oval:def:7592",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
            },
            {
              "name": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html",
              "refsource": "CONFIRM",
              "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
            },
            {
              "name": "NetBSD-SA2009-009",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
            },
            {
              "name": "38834",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38834"
            },
            {
              "name": "35685",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35685"
            },
            {
              "name": "35571",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35571"
            },
            {
              "name": "SUSE-SR:2009:012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10740",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
            },
            {
              "name": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
            },
            {
              "name": "SSRT100079",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
            },
            {
              "name": "ADV-2010-0528",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0528"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1387",
    "datePublished": "2009-06-04T16:00:00",
    "dateReserved": "2009-04-23T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-1386 (GCVE-0-2009-1386)
Vulnerability from cvelistv5
Published
2009-06-04 16:00
Modified
2024-08-07 05:13
Severity ?
CWE
  • n/a
Summary
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
References
http://secunia.com/advisories/38794 third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2010/000082.html mailing-list, x_refsource_MLIST
http://secunia.com/advisories/35729 third-party-advisory, x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=17369 x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/06/02/1 mailing-list, x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2009-1335.html vendor-advisory, x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/36533 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179 vdb-entry, signature, x_refsource_OVAL
http://www.ubuntu.com/usn/USN-792-1 vendor-advisory, x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469 vdb-entry, signature, x_refsource_OVAL
http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest x_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc vendor-advisory, x_refsource_NETBSD
http://secunia.com/advisories/38834 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/50963 vdb-entry, x_refsource_XF
http://secunia.com/advisories/35685 third-party-advisory, x_refsource_SECUNIA
https://www.exploit-db.com/exploits/8873 exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/35571 third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/35174 vdb-entry, x_refsource_BID
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2010/0528 vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=17369"
          },
          {
            "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "HPSBMA02492",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "oval:org.mitre.oval:def:11179",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179"
          },
          {
            "name": "USN-792-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-792-1"
          },
          {
            "name": "oval:org.mitre.oval:def:7469",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=1679\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "NetBSD-SA2009-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "openssl-changecipherspec-dos(50963)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50963"
          },
          {
            "name": "35685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35685"
          },
          {
            "name": "8873",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8873"
          },
          {
            "name": "35571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35571"
          },
          {
            "name": "SUSE-SR:2009:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
          },
          {
            "name": "35174",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35174"
          },
          {
            "name": "SSRT100079",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=17369"
        },
        {
          "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "name": "HPSBMA02492",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "name": "oval:org.mitre.oval:def:11179",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179"
        },
        {
          "name": "USN-792-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-792-1"
        },
        {
          "name": "oval:org.mitre.oval:def:7469",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=1679\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "NetBSD-SA2009-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "openssl-changecipherspec-dos(50963)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50963"
        },
        {
          "name": "35685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35685"
        },
        {
          "name": "8873",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8873"
        },
        {
          "name": "35571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35571"
        },
        {
          "name": "SUSE-SR:2009:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
        },
        {
          "name": "35174",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35174"
        },
        {
          "name": "SSRT100079",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1386",
    "datePublished": "2009-06-04T16:00:00",
    "dateReserved": "2009-04-23T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2333 (GCVE-0-2012-2333)
Vulnerability from cvelistv5
Published
2012-05-14 22:00
Modified
2024-08-06 19:34
Severity ?
CWE
  • n/a
Summary
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
References
http://www.securityfocus.com/bid/53476 vdb-entry, x_refsource_BID
http://secunia.com/advisories/49116 third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134919053717161&w=2 vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/51312 third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-1308.html vendor-advisory, x_refsource_REDHAT
http://cvs.openssl.org/chngview?cn=22538 x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-1307.html vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136432043316835&w=2 vendor-advisory, x_refsource_HP
http://support.apple.com/kb/HT5784 x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/49208 third-party-advisory, x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/737740 third-party-advisory, x_refsource_CERT-VN
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html vendor-advisory, x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=820686 x_refsource_CONFIRM
http://cvs.openssl.org/chngview?cn=22547 x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-1306.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/50768 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/49324 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/75525 vdb-entry, x_refsource_XF
http://marc.info/?l=bugtraq&m=136432043316835&w=2 vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html vendor-advisory, x_refsource_SUSE
http://www.openssl.org/news/secadv_20120510.txt x_refsource_CONFIRM
http://www.securitytracker.com/id?1027057 vdb-entry, x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html vendor-advisory, x_refsource_FEDORA
http://www.cert.fi/en/reports/2012/vulnerability641549.html x_refsource_MISC
http://marc.info/?l=bugtraq&m=134919053717161&w=2 vendor-advisory, x_refsource_HP
http://www.debian.org/security/2012/dsa-2475 vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2012:073 vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-0699.html vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:25.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "53476",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53476"
          },
          {
            "name": "49116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49116"
          },
          {
            "name": "SSRT100930",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "name": "51312",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51312"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22538"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "name": "SSRT101108",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "49208",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49208"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "SUSE-SU-2012:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22547"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "50768",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50768"
          },
          {
            "name": "49324",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49324"
          },
          {
            "name": "openssl-tls-record-dos(75525)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525"
          },
          {
            "name": "HPSBOV02852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "SUSE-SU-2012:0678",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120510.txt"
          },
          {
            "name": "1027057",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027057"
          },
          {
            "name": "FEDORA-2012-7939",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html"
          },
          {
            "name": "HPSBUX02814",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
          },
          {
            "name": "DSA-2475",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2475"
          },
          {
            "name": "MDVSA-2012:073",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073"
          },
          {
            "name": "RHSA-2012:0699",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "53476",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53476"
        },
        {
          "name": "49116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49116"
        },
        {
          "name": "SSRT100930",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "name": "51312",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51312"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22538"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "name": "SSRT101108",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "49208",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49208"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "SUSE-SU-2012:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22547"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "50768",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50768"
        },
        {
          "name": "49324",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49324"
        },
        {
          "name": "openssl-tls-record-dos(75525)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525"
        },
        {
          "name": "HPSBOV02852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "SUSE-SU-2012:0678",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120510.txt"
        },
        {
          "name": "1027057",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027057"
        },
        {
          "name": "FEDORA-2012-7939",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html"
        },
        {
          "name": "HPSBUX02814",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
        },
        {
          "name": "DSA-2475",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2475"
        },
        {
          "name": "MDVSA-2012:073",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073"
        },
        {
          "name": "RHSA-2012:0699",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2333",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "53476",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53476"
            },
            {
              "name": "49116",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49116"
            },
            {
              "name": "SSRT100930",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
            },
            {
              "name": "FEDORA-2012-18035",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
            },
            {
              "name": "51312",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51312"
            },
            {
              "name": "RHSA-2012:1308",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22538",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22538"
            },
            {
              "name": "RHSA-2012:1307",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
            },
            {
              "name": "SSRT101108",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT5784",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5784"
            },
            {
              "name": "APPLE-SA-2013-06-04-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
            },
            {
              "name": "49208",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49208"
            },
            {
              "name": "VU#737740",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/737740"
            },
            {
              "name": "SUSE-SU-2012:0679",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=820686",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22547",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22547"
            },
            {
              "name": "RHSA-2012:1306",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
            },
            {
              "name": "50768",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50768"
            },
            {
              "name": "49324",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49324"
            },
            {
              "name": "openssl-tls-record-dos(75525)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525"
            },
            {
              "name": "HPSBOV02852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "SUSE-SU-2012:0678",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20120510.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20120510.txt"
            },
            {
              "name": "1027057",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027057"
            },
            {
              "name": "FEDORA-2012-7939",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html"
            },
            {
              "name": "http://www.cert.fi/en/reports/2012/vulnerability641549.html",
              "refsource": "MISC",
              "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html"
            },
            {
              "name": "HPSBUX02814",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2"
            },
            {
              "name": "DSA-2475",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2475"
            },
            {
              "name": "MDVSA-2012:073",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073"
            },
            {
              "name": "RHSA-2012:0699",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2333",
    "datePublished": "2012-05-14T22:00:00",
    "dateReserved": "2012-04-19T00:00:00",
    "dateUpdated": "2024-08-06T19:34:25.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0079 (GCVE-0-2004-0079)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2025-01-16 17:33
CWE
  • n/a
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
References
http://www.securityfocus.com/bid/9899 vdb-entry, x_refsource_BID
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html vendor-advisory, x_refsource_FEDORA
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html vendor-advisory, x_refsource_ENGARDE
http://marc.info/?l=bugtraq&m=108403806509920&w=2 vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:023 vendor-advisory, x_refsource_MANDRAKE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621 vdb-entry, signature, x_refsource_OVAL
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 vendor-advisory, x_refsource_CONECTIVA
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt vendor-advisory, x_refsource_SCO
http://secunia.com/advisories/17381 third-party-advisory, x_refsource_SECUNIA
http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
http://fedoranews.org/updates/FEDORA-2004-095.shtml vendor-advisory, x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779 vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975 vdb-entry, signature, x_refsource_OVAL
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524 vendor-advisory, x_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2004_07_openssl.html vendor-advisory, x_refsource_SUSE
http://lists.apple.com/mhonarc/security-announce/msg00045.html x_refsource_CONFIRM
http://www.openssl.org/news/secadv_20040317.txt x_refsource_CONFIRM
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc vendor-advisory, x_refsource_FREEBSD
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc vendor-advisory, x_refsource_NETBSD
http://www.ciac.org/ciac/bulletins/o-101.shtml third-party-advisory, government-resource, x_refsource_CIAC
http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisory, x_refsource_CERT
http://secunia.com/advisories/17401 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-829.html vendor-advisory, x_refsource_REDHAT
http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870 vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-830.html vendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/11139 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=107953412903636&w=2 mailing-list, x_refsource_BUGTRAQ
http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/17398 third-party-advisory, x_refsource_SECUNIA
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961 vendor-advisory, x_refsource_SLACKWARE
http://www.redhat.com/support/errata/RHSA-2004-139.html vendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/15505 vdb-entry, x_refsource_XF
http://www.trustix.org/errata/2004/0012 vendor-advisory, x_refsource_TRUSTIX
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml vendor-advisory, x_refsource_CISCO
http://docs.info.apple.com/article.html?artnum=61798 x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/288574 third-party-advisory, x_refsource_CERT-VN
http://www.debian.org/security/2004/dsa-465 vendor-advisory, x_refsource_DEBIAN
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/18247 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770 vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.689Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9899",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9899"
          },
          {
            "name": "FEDORA-2005-1042",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
          },
          {
            "name": "ESA-20040317-003",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
          },
          {
            "name": "SSRT4717",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
          },
          {
            "name": "RHSA-2004:121",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
          },
          {
            "name": "MDKSA-2004:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
          },
          {
            "name": "oval:org.mitre.oval:def:2621",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
          },
          {
            "name": "CLA-2004:834",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
          },
          {
            "name": "SCOSA-2004.10",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
          },
          {
            "name": "17381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17381"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
          },
          {
            "name": "FEDORA-2004-095",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
          },
          {
            "name": "oval:org.mitre.oval:def:9779",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
          },
          {
            "name": "oval:org.mitre.oval:def:975",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
          },
          {
            "name": "57524",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
          },
          {
            "name": "SuSE-SA:2004:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20040317.txt"
          },
          {
            "name": "FreeBSD-SA-04:05",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
          },
          {
            "name": "NetBSD-SA2004-005",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
          },
          {
            "name": "O-101",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
          },
          {
            "name": "TA04-078A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
          },
          {
            "name": "17401",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17401"
          },
          {
            "name": "RHSA-2005:829",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
          },
          {
            "name": "oval:org.mitre.oval:def:870",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
          },
          {
            "name": "RHSA-2005:830",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
          },
          {
            "name": "GLSA-200403-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
          },
          {
            "name": "11139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11139"
          },
          {
            "name": "RHSA-2004:120",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
          },
          {
            "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
          },
          {
            "name": "APPLE-SA-2005-08-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
          },
          {
            "name": "17398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17398"
          },
          {
            "name": "SSA:2004-077",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
          },
          {
            "name": "RHSA-2004:139",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
          },
          {
            "name": "openssl-dochangecipherspec-dos(15505)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
          },
          {
            "name": "2004-0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0012"
          },
          {
            "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=61798"
          },
          {
            "name": "VU#288574",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/288574"
          },
          {
            "name": "DSA-465",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-465"
          },
          {
            "name": "APPLE-SA-2005-08-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
          },
          {
            "name": "18247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18247"
          },
          {
            "name": "oval:org.mitre.oval:def:5770",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2004-0079",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-08T16:21:54.985893Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T17:33:22.869Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9899",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9899"
        },
        {
          "name": "FEDORA-2005-1042",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
        },
        {
          "name": "ESA-20040317-003",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
        },
        {
          "name": "SSRT4717",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
        },
        {
          "name": "RHSA-2004:121",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
        },
        {
          "name": "MDKSA-2004:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
        },
        {
          "name": "oval:org.mitre.oval:def:2621",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
        },
        {
          "name": "CLA-2004:834",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
        },
        {
          "name": "SCOSA-2004.10",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
        },
        {
          "name": "17381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17381"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
        },
        {
          "name": "FEDORA-2004-095",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
        },
        {
          "name": "oval:org.mitre.oval:def:9779",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
        },
        {
          "name": "oval:org.mitre.oval:def:975",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
        },
        {
          "name": "57524",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
        },
        {
          "name": "SuSE-SA:2004:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20040317.txt"
        },
        {
          "name": "FreeBSD-SA-04:05",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
        },
        {
          "name": "NetBSD-SA2004-005",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
        },
        {
          "name": "O-101",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
        },
        {
          "name": "TA04-078A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
        },
        {
          "name": "17401",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17401"
        },
        {
          "name": "RHSA-2005:829",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
        },
        {
          "name": "oval:org.mitre.oval:def:870",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
        },
        {
          "name": "RHSA-2005:830",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
        },
        {
          "name": "GLSA-200403-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
        },
        {
          "name": "11139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11139"
        },
        {
          "name": "RHSA-2004:120",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
        },
        {
          "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
        },
        {
          "name": "APPLE-SA-2005-08-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
        },
        {
          "name": "17398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17398"
        },
        {
          "name": "SSA:2004-077",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
        },
        {
          "name": "RHSA-2004:139",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
        },
        {
          "name": "openssl-dochangecipherspec-dos(15505)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
        },
        {
          "name": "2004-0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0012"
        },
        {
          "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=61798"
        },
        {
          "name": "VU#288574",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/288574"
        },
        {
          "name": "DSA-465",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-465"
        },
        {
          "name": "APPLE-SA-2005-08-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
        },
        {
          "name": "18247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18247"
        },
        {
          "name": "oval:org.mitre.oval:def:5770",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0079",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9899",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "FEDORA-2005-1042",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "ESA-20040317-003",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "SSRT4717",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "oval:org.mitre.oval:def:2621",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
            },
            {
              "name": "CLA-2004:834",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "17381",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
              "refsource": "MISC",
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "oval:org.mitre.oval:def:9779",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
            },
            {
              "name": "oval:org.mitre.oval:def:975",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
            },
            {
              "name": "57524",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
              "refsource": "CONFIRM",
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20040317.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "FreeBSD-SA-04:05",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
            },
            {
              "name": "NetBSD-SA2004-005",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "17401",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17401"
            },
            {
              "name": "RHSA-2005:829",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:870",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
            },
            {
              "name": "RHSA-2005:830",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
            },
            {
              "name": "GLSA-200403-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "name": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US",
              "refsource": "CONFIRM",
              "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "17398",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17398"
            },
            {
              "name": "SSA:2004-077",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "RHSA-2004:139",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "openssl-dochangecipherspec-dos(15505)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
            },
            {
              "name": "2004-0012",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=61798",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "VU#288574",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/288574"
            },
            {
              "name": "DSA-465",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-465"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "18247",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18247"
            },
            {
              "name": "oval:org.mitre.oval:def:5770",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0079",
    "datePublished": "2004-03-18T05:00:00",
    "dateReserved": "2004-01-19T00:00:00",
    "dateUpdated": "2025-01-16T17:33:22.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0112 (GCVE-0-2004-0112)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:10
Severity ?
CWE
  • n/a
Summary
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
References
http://www.securityfocus.com/bid/9899 vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=108403806509920&w=2 vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:023 vendor-advisory, x_refsource_MANDRAKE
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 vendor-advisory, x_refsource_CONECTIVA
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt vendor-advisory, x_refsource_SCO
http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524 vendor-advisory, x_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2004_07_openssl.html vendor-advisory, x_refsource_SUSE
http://lists.apple.com/mhonarc/security-announce/msg00045.html x_refsource_CONFIRM
http://www.openssl.org/news/secadv_20040317.txt x_refsource_CONFIRM
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc vendor-advisory, x_refsource_NETBSD
http://www.ciac.org/ciac/bulletins/o-101.shtml third-party-advisory, government-resource, x_refsource_CIAC
http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049 vdb-entry, signature, x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/15508 vdb-entry, x_refsource_XF
http://www.kb.cert.org/vuls/id/484726 third-party-advisory, x_refsource_CERT-VN
http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/11139 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=107953412903636&w=2 mailing-list, x_refsource_BUGTRAQ
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html vendor-advisory, x_refsource_APPLE
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961 vendor-advisory, x_refsource_SLACKWARE
http://www.trustix.org/errata/2004/0012 vendor-advisory, x_refsource_TRUSTIX
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml vendor-advisory, x_refsource_CISCO
http://docs.info.apple.com/article.html?artnum=61798 x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html vendor-advisory, x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928 vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:03.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9899",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9899"
          },
          {
            "name": "SSRT4717",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
          },
          {
            "name": "RHSA-2004:121",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
          },
          {
            "name": "MDKSA-2004:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
          },
          {
            "name": "CLA-2004:834",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
          },
          {
            "name": "SCOSA-2004.10",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
          },
          {
            "name": "57524",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
          },
          {
            "name": "SuSE-SA:2004:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20040317.txt"
          },
          {
            "name": "NetBSD-SA2004-005",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
          },
          {
            "name": "O-101",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
          },
          {
            "name": "TA04-078A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:1049",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
          },
          {
            "name": "openssl-kerberos-ciphersuites-dos(15508)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
          },
          {
            "name": "VU#484726",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/484726"
          },
          {
            "name": "GLSA-200403-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:9580",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
          },
          {
            "name": "11139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11139"
          },
          {
            "name": "RHSA-2004:120",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
          },
          {
            "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
          },
          {
            "name": "APPLE-SA-2005-08-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
          },
          {
            "name": "SSA:2004-077",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
          },
          {
            "name": "2004-0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0012"
          },
          {
            "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=61798"
          },
          {
            "name": "APPLE-SA-2005-08-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
          },
          {
            "name": "oval:org.mitre.oval:def:928",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9899",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9899"
        },
        {
          "name": "SSRT4717",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
        },
        {
          "name": "RHSA-2004:121",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
        },
        {
          "name": "MDKSA-2004:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
        },
        {
          "name": "CLA-2004:834",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
        },
        {
          "name": "SCOSA-2004.10",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
        },
        {
          "name": "57524",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
        },
        {
          "name": "SuSE-SA:2004:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20040317.txt"
        },
        {
          "name": "NetBSD-SA2004-005",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
        },
        {
          "name": "O-101",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
        },
        {
          "name": "TA04-078A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:1049",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
        },
        {
          "name": "openssl-kerberos-ciphersuites-dos(15508)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
        },
        {
          "name": "VU#484726",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/484726"
        },
        {
          "name": "GLSA-200403-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:9580",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
        },
        {
          "name": "11139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11139"
        },
        {
          "name": "RHSA-2004:120",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
        },
        {
          "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
        },
        {
          "name": "APPLE-SA-2005-08-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
        },
        {
          "name": "SSA:2004-077",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
        },
        {
          "name": "2004-0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0012"
        },
        {
          "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=61798"
        },
        {
          "name": "APPLE-SA-2005-08-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
        },
        {
          "name": "oval:org.mitre.oval:def:928",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0112",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9899",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "SSRT4717",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "CLA-2004:834",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
              "refsource": "MISC",
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "57524",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
              "refsource": "CONFIRM",
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20040317.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "NetBSD-SA2004-005",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1049",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
            },
            {
              "name": "openssl-kerberos-ciphersuites-dos(15508)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
            },
            {
              "name": "VU#484726",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/484726"
            },
            {
              "name": "GLSA-200403-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:9580",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
            },
            {
              "name": "11139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "SSA:2004-077",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "2004-0012",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=61798",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:928",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0112",
    "datePublished": "2004-03-18T05:00:00",
    "dateReserved": "2004-02-02T00:00:00",
    "dateUpdated": "2024-08-08T00:10:03.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0081 (GCVE-0-2004-0081)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:01
Severity ?
CWE
  • n/a
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
http://www.securityfocus.com/bid/9899 vdb-entry, x_refsource_BID
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html vendor-advisory, x_refsource_ENGARDE
http://marc.info/?l=bugtraq&m=107955049331965&w=2 mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisory, x_refsource_REDHAT
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 vendor-advisory, x_refsource_CONECTIVA
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt vendor-advisory, x_refsource_SCO
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc vendor-advisory, x_refsource_SGI
https://exchange.xforce.ibmcloud.com/vulnerabilities/15509 vdb-entry, x_refsource_XF
http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
http://fedoranews.org/updates/FEDORA-2004-095.shtml vendor-advisory, x_refsource_FEDORA
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524 vendor-advisory, x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871 vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755 vdb-entry, signature, x_refsource_OVAL
http://www.kb.cert.org/vuls/id/465542 third-party-advisory, x_refsource_CERT-VN
http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisory, x_refsource_CERT
http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/11139 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2004-119.html vendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902 vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2004-139.html vendor-advisory, x_refsource_REDHAT
http://www.trustix.org/errata/2004/0012 vendor-advisory, x_refsource_TRUSTIX
http://marc.info/?l=bugtraq&m=108403850228012&w=2 mailing-list, x_refsource_BUGTRAQ
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml vendor-advisory, x_refsource_CISCO
http://www.debian.org/security/2004/dsa-465 vendor-advisory, x_refsource_DEBIAN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9899",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9899"
          },
          {
            "name": "ESA-20040317-003",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
          },
          {
            "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
          },
          {
            "name": "RHSA-2004:121",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
          },
          {
            "name": "CLA-2004:834",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
          },
          {
            "name": "SCOSA-2004.10",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
          },
          {
            "name": "20040304-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
          },
          {
            "name": "openssl-tls-dos(15509)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
          },
          {
            "name": "FEDORA-2004-095",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
          },
          {
            "name": "57524",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
          },
          {
            "name": "oval:org.mitre.oval:def:871",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
          },
          {
            "name": "oval:org.mitre.oval:def:11755",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
          },
          {
            "name": "VU#465542",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/465542"
          },
          {
            "name": "TA04-078A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
          },
          {
            "name": "GLSA-200403-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
          },
          {
            "name": "11139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11139"
          },
          {
            "name": "RHSA-2004:120",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
          },
          {
            "name": "RHSA-2004:119",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
          },
          {
            "name": "oval:org.mitre.oval:def:902",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
          },
          {
            "name": "RHSA-2004:139",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
          },
          {
            "name": "2004-0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0012"
          },
          {
            "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
          },
          {
            "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
          },
          {
            "name": "DSA-465",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-465"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9899",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9899"
        },
        {
          "name": "ESA-20040317-003",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
        },
        {
          "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
        },
        {
          "name": "RHSA-2004:121",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
        },
        {
          "name": "CLA-2004:834",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
        },
        {
          "name": "SCOSA-2004.10",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
        },
        {
          "name": "20040304-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
        },
        {
          "name": "openssl-tls-dos(15509)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
        },
        {
          "name": "FEDORA-2004-095",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
        },
        {
          "name": "57524",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
        },
        {
          "name": "oval:org.mitre.oval:def:871",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
        },
        {
          "name": "oval:org.mitre.oval:def:11755",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
        },
        {
          "name": "VU#465542",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/465542"
        },
        {
          "name": "TA04-078A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
        },
        {
          "name": "GLSA-200403-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
        },
        {
          "name": "11139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11139"
        },
        {
          "name": "RHSA-2004:120",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
        },
        {
          "name": "RHSA-2004:119",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
        },
        {
          "name": "oval:org.mitre.oval:def:902",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
        },
        {
          "name": "RHSA-2004:139",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
        },
        {
          "name": "2004-0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0012"
        },
        {
          "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
        },
        {
          "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
        },
        {
          "name": "DSA-465",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-465"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0081",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9899",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "ESA-20040317-003",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "CLA-2004:834",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "20040304-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "openssl-tls-dos(15509)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
            },
            {
              "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
              "refsource": "MISC",
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "57524",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "oval:org.mitre.oval:def:871",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
            },
            {
              "name": "oval:org.mitre.oval:def:11755",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
            },
            {
              "name": "VU#465542",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/465542"
            },
            {
              "name": "TA04-078A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "GLSA-200403-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "RHSA-2004:119",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "name": "oval:org.mitre.oval:def:902",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
            },
            {
              "name": "RHSA-2004:139",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "2004-0012",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "name": "DSA-465",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-465"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0081",
    "datePublished": "2004-03-18T05:00:00",
    "dateReserved": "2004-01-19T00:00:00",
    "dateUpdated": "2024-08-08T00:01:23.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4355 (GCVE-0-2009-4355)
Vulnerability from cvelistv5
Published
2010-01-14 19:00
Modified
2024-08-07 07:01
Severity ?
CWE
  • n/a
Summary
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
References
http://www.debian.org/security/2010/dsa-1970 vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2010/0916 vdb-entry, x_refsource_VUPEN
http://cvs.openssl.org/chngview?cn=19167 x_refsource_CONFIRM
http://secunia.com/advisories/42724 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/39461 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260 vdb-entry, signature, x_refsource_OVAL
https://bugzilla.redhat.com/show_bug.cgi?id=546707 x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html vendor-advisory, x_refsource_FEDORA
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 vendor-advisory, x_refsource_SLACKWARE
http://secunia.com/advisories/38761 third-party-advisory, x_refsource_SECUNIA
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004 x_refsource_CONFIRM
http://secunia.com/advisories/38181 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/38200 third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-3157 x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0839 vdb-entry, x_refsource_VUPEN
http://cvs.openssl.org/chngview?cn=19069 x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=127128920008563&w=2 vendor-advisory, x_refsource_HP
http://cvs.openssl.org/chngview?cn=19068 x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2010:022 vendor-advisory, x_refsource_MANDRIVA
https://rhn.redhat.com/errata/RHSA-2010-0095.html vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-884-1 vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=127128920008563&w=2 vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html vendor-advisory, x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2010/01/13/3 mailing-list, x_refsource_MLIST
https://kb.bluecoat.com/index?page=content&id=SA50 x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/42733 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0124 vdb-entry, x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/38175 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168 vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:01:19.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-1970",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-1970"
          },
          {
            "name": "ADV-2010-0916",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=19167"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "39461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39461"
          },
          {
            "name": "oval:org.mitre.oval:def:11260",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707"
          },
          {
            "name": "FEDORA-2010-5357",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
          },
          {
            "name": "SSA:2010-060-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
          },
          {
            "name": "38761",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38761"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004"
          },
          {
            "name": "38181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38181"
          },
          {
            "name": "38200",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38200"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-3157"
          },
          {
            "name": "ADV-2010-0839",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0839"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=19069"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=19068"
          },
          {
            "name": "MDVSA-2010:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022"
          },
          {
            "name": "RHSA-2010:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "name": "USN-884-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-884-1"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
          },
          {
            "name": "[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "oval:org.mitre.oval:def:6678",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "ADV-2010-0124",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0124"
          },
          {
            "name": "FEDORA-2010-5744",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
          },
          {
            "name": "38175",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38175"
          },
          {
            "name": "oval:org.mitre.oval:def:12168",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-1970",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-1970"
        },
        {
          "name": "ADV-2010-0916",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=19167"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "39461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39461"
        },
        {
          "name": "oval:org.mitre.oval:def:11260",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707"
        },
        {
          "name": "FEDORA-2010-5357",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
        },
        {
          "name": "SSA:2010-060-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
        },
        {
          "name": "38761",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38761"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004"
        },
        {
          "name": "38181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38181"
        },
        {
          "name": "38200",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38200"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-3157"
        },
        {
          "name": "ADV-2010-0839",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0839"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=19069"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=19068"
        },
        {
          "name": "MDVSA-2010:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022"
        },
        {
          "name": "RHSA-2010:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
        },
        {
          "name": "USN-884-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-884-1"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
        },
        {
          "name": "[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "oval:org.mitre.oval:def:6678",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "ADV-2010-0124",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0124"
        },
        {
          "name": "FEDORA-2010-5744",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
        },
        {
          "name": "38175",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38175"
        },
        {
          "name": "oval:org.mitre.oval:def:12168",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-1970",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-1970"
            },
            {
              "name": "ADV-2010-0916",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0916"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=19167",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=19167"
            },
            {
              "name": "42724",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42724"
            },
            {
              "name": "39461",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39461"
            },
            {
              "name": "oval:org.mitre.oval:def:11260",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=546707",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707"
            },
            {
              "name": "FEDORA-2010-5357",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
            },
            {
              "name": "SSA:2010-060-02",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
            },
            {
              "name": "38761",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38761"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004"
            },
            {
              "name": "38181",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38181"
            },
            {
              "name": "38200",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38200"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-3157",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-3157"
            },
            {
              "name": "ADV-2010-0839",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0839"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=19069",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=19069"
            },
            {
              "name": "HPSBUX02517",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=19068",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=19068"
            },
            {
              "name": "MDVSA-2010:022",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022"
            },
            {
              "name": "RHSA-2010:0095",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "USN-884-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-884-1"
            },
            {
              "name": "SSRT100058",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
            },
            {
              "name": "[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
              "refsource": "CONFIRM",
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
            },
            {
              "name": "oval:org.mitre.oval:def:6678",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678"
            },
            {
              "name": "42733",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42733"
            },
            {
              "name": "ADV-2010-0124",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0124"
            },
            {
              "name": "FEDORA-2010-5744",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
            },
            {
              "name": "38175",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38175"
            },
            {
              "name": "oval:org.mitre.oval:def:12168",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4355",
    "datePublished": "2010-01-14T19:00:00",
    "dateReserved": "2009-12-18T00:00:00",
    "dateUpdated": "2024-08-07T07:01:19.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2110 (GCVE-0-2012-2110)
Vulnerability from cvelistv5
Published
2012-04-19 17:00
Modified
2024-08-06 19:26
Severity ?
CWE
  • n/a
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
References
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html vendor-advisory, x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 x_refsource_CONFIRM
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/48899 third-party-advisory, x_refsource_SECUNIA
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html mailing-list, x_refsource_FULLDISC
http://rhn.redhat.com/errata/RHSA-2012-1308.html vendor-advisory, x_refsource_REDHAT
http://cvs.openssl.org/chngview?cn=22434 x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2012:060 vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-1307.html vendor-advisory, x_refsource_REDHAT
http://www.exploit-db.com/exploits/18756 exploit, x_refsource_EXPLOIT-DB
http://rhn.redhat.com/errata/RHSA-2012-0518.html vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2012/dsa-2454 vendor-advisory, x_refsource_DEBIAN
http://support.apple.com/kb/HT5784 x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html vendor-advisory, x_refsource_APPLE
http://www.ubuntu.com/usn/USN-1424-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/48895 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/48847 third-party-advisory, x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=22439 x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-1306.html vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-0522.html vendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html vendor-advisory, x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=134039053214295&w=2 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/57353 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53158 vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=133728068926468&w=2 vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=134039053214295&w=2 vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html vendor-advisory, x_refsource_FEDORA
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578 x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=133951357207000&w=2 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/48942 third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20120419.txt x_refsource_CONFIRM
http://cvs.openssl.org/chngview?cn=22431 x_refsource_CONFIRM
http://www.securitytracker.com/id?1026957 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/48999 third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133951357207000&w=2 vendor-advisory, x_refsource_HP
http://osvdb.org/81223 vdb-entry, x_refsource_OSVDB
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html vendor-advisory, x_refsource_FEDORA
https://kb.juniper.net/KB27376 x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=133728068926468&w=2 vendor-advisory, x_refsource_HP
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:07.655Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2012:0623",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
          },
          {
            "name": "SUSE-SU-2012:1149",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "SSRT101210",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "name": "48899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48899"
          },
          {
            "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22434"
          },
          {
            "name": "MDVSA-2012:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "name": "18756",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18756"
          },
          {
            "name": "RHSA-2012:0518",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
          },
          {
            "name": "DSA-2454",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2454"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "USN-1424-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1424-1"
          },
          {
            "name": "48895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48895"
          },
          {
            "name": "48847",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48847"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22439"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "SUSE-SU-2012:0637",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
          },
          {
            "name": "RHSA-2012:0522",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
          },
          {
            "name": "FEDORA-2012-6343",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "53158",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53158"
          },
          {
            "name": "HPSBUX02782",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "FEDORA-2012-6395",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
          },
          {
            "name": "SSRT100852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "48942",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48942"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120419.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=22431"
          },
          {
            "name": "1026957",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026957"
          },
          {
            "name": "48999",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48999"
          },
          {
            "name": "HPSBMU02776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "81223",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/81223"
          },
          {
            "name": "HPSBMU02900",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
          },
          {
            "name": "FEDORA-2012-6403",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/KB27376"
          },
          {
            "name": "SSRT100844",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2012:0623",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
        },
        {
          "name": "SUSE-SU-2012:1149",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "SSRT101210",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "name": "48899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48899"
        },
        {
          "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22434"
        },
        {
          "name": "MDVSA-2012:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "name": "18756",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18756"
        },
        {
          "name": "RHSA-2012:0518",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
        },
        {
          "name": "DSA-2454",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2454"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "USN-1424-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1424-1"
        },
        {
          "name": "48895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48895"
        },
        {
          "name": "48847",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48847"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22439"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "SUSE-SU-2012:0637",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
        },
        {
          "name": "RHSA-2012:0522",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
        },
        {
          "name": "FEDORA-2012-6343",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "53158",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53158"
        },
        {
          "name": "HPSBUX02782",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "FEDORA-2012-6395",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
        },
        {
          "name": "SSRT100852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "48942",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48942"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120419.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=22431"
        },
        {
          "name": "1026957",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026957"
        },
        {
          "name": "48999",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48999"
        },
        {
          "name": "HPSBMU02776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "81223",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/81223"
        },
        {
          "name": "HPSBMU02900",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
        },
        {
          "name": "FEDORA-2012-6403",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/KB27376"
        },
        {
          "name": "SSRT100844",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2110",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2012:0623",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
            },
            {
              "name": "SUSE-SU-2012:1149",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
            },
            {
              "name": "SSRT101210",
              "refsource": "HP",
              "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
            },
            {
              "name": "FEDORA-2012-18035",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
            },
            {
              "name": "48899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48899"
            },
            {
              "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
            },
            {
              "name": "RHSA-2012:1308",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22434",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22434"
            },
            {
              "name": "MDVSA-2012:060",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
            },
            {
              "name": "RHSA-2012:1307",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
            },
            {
              "name": "18756",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18756"
            },
            {
              "name": "RHSA-2012:0518",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
            },
            {
              "name": "DSA-2454",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2454"
            },
            {
              "name": "http://support.apple.com/kb/HT5784",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5784"
            },
            {
              "name": "APPLE-SA-2013-06-04-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
            },
            {
              "name": "USN-1424-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1424-1"
            },
            {
              "name": "48895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48895"
            },
            {
              "name": "48847",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48847"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22439",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22439"
            },
            {
              "name": "RHSA-2012:1306",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
            },
            {
              "name": "SUSE-SU-2012:0637",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
            },
            {
              "name": "RHSA-2012:0522",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
            },
            {
              "name": "FEDORA-2012-6343",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
            },
            {
              "name": "HPSBOV02793",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "57353",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57353"
            },
            {
              "name": "53158",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53158"
            },
            {
              "name": "HPSBUX02782",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            },
            {
              "name": "SSRT100891",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "FEDORA-2012-6395",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
            },
            {
              "name": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578",
              "refsource": "CONFIRM",
              "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
            },
            {
              "name": "SSRT100852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "48942",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48942"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20120419.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20120419.txt"
            },
            {
              "name": "http://cvs.openssl.org/chngview?cn=22431",
              "refsource": "CONFIRM",
              "url": "http://cvs.openssl.org/chngview?cn=22431"
            },
            {
              "name": "1026957",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026957"
            },
            {
              "name": "48999",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48999"
            },
            {
              "name": "HPSBMU02776",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "81223",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/81223"
            },
            {
              "name": "HPSBMU02900",
              "refsource": "HP",
              "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
            },
            {
              "name": "FEDORA-2012-6403",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
            },
            {
              "name": "https://kb.juniper.net/KB27376",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/KB27376"
            },
            {
              "name": "SSRT100844",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2110",
    "datePublished": "2012-04-19T17:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:07.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0166 (GCVE-0-2013-0166)
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 14:18
Severity ?
CWE
  • n/a
Summary
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
References
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200 x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0587.html vendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/55139 third-party-advisory, x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20130204.txt x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=908052 x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=136396549913849&w=2 vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=137545771702053&w=2 vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html vendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=136432043316835&w=2 vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2013-0833.html vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001 x_refsource_CONFIRM
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7 x_refsource_CONFIRM
http://secunia.com/advisories/53623 third-party-advisory, x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/737740 third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=137545771702053&w=2 vendor-advisory, x_refsource_HP
http://www.debian.org/security/2013/dsa-2621 vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2013-0783.html vendor-advisory, x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/55108 third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0782.html vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136432043316835&w=2 vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=136396549913849&w=2 vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html vendor-advisory, x_refsource_SUSE
http://www.splunk.com/view/SP-CAAAHXG x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487 vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754 vdb-entry, signature, x_refsource_OVAL
http://support.apple.com/kb/HT5880 x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081 vdb-entry, signature, x_refsource_OVAL
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0 x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.381Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200"
          },
          {
            "name": "RHSA-2013:0587",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
          },
          {
            "name": "oval:org.mitre.oval:def:19360",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360"
          },
          {
            "name": "55139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20130204.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
          },
          {
            "name": "HPSBUX02856",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
          },
          {
            "name": "SSRT101289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "SSRT101108",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "RHSA-2013:0833",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7"
          },
          {
            "name": "53623",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53623"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "HPSBUX02909",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "DSA-2621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2621"
          },
          {
            "name": "RHSA-2013:0783",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
          },
          {
            "name": "APPLE-SA-2013-09-12-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
          },
          {
            "name": "55108",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55108"
          },
          {
            "name": "RHSA-2013:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
          },
          {
            "name": "HPSBOV02852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "SSRT101104",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAHXG"
          },
          {
            "name": "oval:org.mitre.oval:def:19487",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487"
          },
          {
            "name": "oval:org.mitre.oval:def:18754",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5880"
          },
          {
            "name": "oval:org.mitre.oval:def:19081",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-08T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200"
        },
        {
          "name": "RHSA-2013:0587",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
        },
        {
          "name": "oval:org.mitre.oval:def:19360",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360"
        },
        {
          "name": "55139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20130204.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
        },
        {
          "name": "HPSBUX02856",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
        },
        {
          "name": "SSRT101289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "SSRT101108",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "RHSA-2013:0833",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7"
        },
        {
          "name": "53623",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53623"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "HPSBUX02909",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "DSA-2621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2621"
        },
        {
          "name": "RHSA-2013:0783",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
        },
        {
          "name": "APPLE-SA-2013-09-12-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
        },
        {
          "name": "55108",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55108"
        },
        {
          "name": "RHSA-2013:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
        },
        {
          "name": "HPSBOV02852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "SSRT101104",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.splunk.com/view/SP-CAAAHXG"
        },
        {
          "name": "oval:org.mitre.oval:def:19487",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487"
        },
        {
          "name": "oval:org.mitre.oval:def:18754",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5880"
        },
        {
          "name": "oval:org.mitre.oval:def:19081",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200"
            },
            {
              "name": "RHSA-2013:0587",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
            },
            {
              "name": "oval:org.mitre.oval:def:19360",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360"
            },
            {
              "name": "55139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55139"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20130204.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20130204.txt"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=908052",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
            },
            {
              "name": "HPSBUX02856",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
            },
            {
              "name": "SSRT101289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "SSRT101108",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "RHSA-2013:0833",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
            },
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7"
            },
            {
              "name": "53623",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53623"
            },
            {
              "name": "VU#737740",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/737740"
            },
            {
              "name": "HPSBUX02909",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "DSA-2621",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2621"
            },
            {
              "name": "RHSA-2013:0783",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
            },
            {
              "name": "APPLE-SA-2013-09-12-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
            },
            {
              "name": "55108",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55108"
            },
            {
              "name": "RHSA-2013:0782",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
            },
            {
              "name": "HPSBOV02852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "SSRT101104",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "http://www.splunk.com/view/SP-CAAAHXG",
              "refsource": "CONFIRM",
              "url": "http://www.splunk.com/view/SP-CAAAHXG"
            },
            {
              "name": "oval:org.mitre.oval:def:19487",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487"
            },
            {
              "name": "oval:org.mitre.oval:def:18754",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754"
            },
            {
              "name": "http://support.apple.com/kb/HT5880",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5880"
            },
            {
              "name": "oval:org.mitre.oval:def:19081",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081"
            },
            {
              "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0",
              "refsource": "CONFIRM",
              "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0166",
    "datePublished": "2013-02-08T19:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}