Vulnerabilites related to redhat - openssl
Vulnerability from fkie_nvd
Published
2012-04-19 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F02E634E-1E3D-4E44-BADA-76F92483A732", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "FCC2B07A-49EF-411F-8A4D-89435E22B043", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "7E9480D6-3B6A-4C41-B8C1-C3F945040772", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3C9344D-F390-4003-93D1-013A9F521A17", "versionEndIncluding": "0.9.8u", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "matchCriteriaId": "27F417A1-5D97-4BC4-8B97-5AC40236DA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "B6231CAA-00A8-41CE-8436-B84518014CF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "A70AD93B-E876-4EAB-9970-752D42E15E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "matchCriteriaId": "716ADA01-38B8-4C15-A3BB-D9688DA30599", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "matchCriteriaId": "B73326F7-7DCE-4EDE-95D7-AE7AED263A14", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "EA2D251C-9C45-4EFE-8262-E88AB7CE713A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "matchCriteriaId": "6D81E175-E698-40EF-9601-425893FFB1FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "matchCriteriaId": "FA0F25B7-A172-4300-8718-112E817A6165", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "matchCriteriaId": "52B1BE89-BAE0-4656-943B-B9B81D9B54B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "matchCriteriaId": "D097222B-ED20-459C-9167-55751FA2C87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "matchCriteriaId": "86DDC8F2-7920-4A73-927E-562C89806972", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "matchCriteriaId": "9644CC68-1E91-45E7-8C53-1E3FC9976A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "matchCriteriaId": "9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "matchCriteriaId": "73934717-2DA3-4614-A076-D6EDA5EB0626", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "matchCriteriaId": "6AEBE689-3952-46F0-BACA-BB03041C6D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "matchCriteriaId": "499E52F3-4B34-4C47-8ABF-292928EBAA5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*", "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*", "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*", "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key." }, { "lang": "es", "value": "La funci\u00f3n asn1_d2i_read_bio en OpenSSL antes de v0.9.8v, en v1.0.0 antes de v1.0.0i y en v1.0.1 antes de v1.0.1a no interpreta correctamente los enteros, lo que permite realizar ataques de desbordamiento de buffer a atacantes remotos, y provocar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria) o posiblemente tener un impacto no especificado, a trav\u00e9s de datos DER debidamente modificados, como lo demuestra un certificado X.509 o una clave p\u00fablica RSA." } ], "id": "CVE-2012-2110", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-04-19T17:55:01.253", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "source": "secalert@redhat.com", "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "source": "secalert@redhat.com", "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "source": "secalert@redhat.com", "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/81223" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48847" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48895" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48899" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48942" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48999" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57353" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT5784" }, { "source": "secalert@redhat.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "source": "secalert@redhat.com", "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2454" }, { "source": "secalert@redhat.com", "url": "http://www.exploit-db.com/exploits/18756" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53158" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1026957" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "source": "secalert@redhat.com", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "source": "secalert@redhat.com", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "source": "secalert@redhat.com", "url": "https://kb.juniper.net/KB27376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/81223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/18756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1026957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.juniper.net/KB27376" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-05-14 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "14672B30-A838-4BCE-935D-F8261F0A43EE", "versionEndIncluding": "0.9.8w", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "matchCriteriaId": "27F417A1-5D97-4BC4-8B97-5AC40236DA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "B6231CAA-00A8-41CE-8436-B84518014CF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "A70AD93B-E876-4EAB-9970-752D42E15E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "matchCriteriaId": "716ADA01-38B8-4C15-A3BB-D9688DA30599", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "matchCriteriaId": "B73326F7-7DCE-4EDE-95D7-AE7AED263A14", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "EA2D251C-9C45-4EFE-8262-E88AB7CE713A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "matchCriteriaId": "6D81E175-E698-40EF-9601-425893FFB1FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "matchCriteriaId": "FA0F25B7-A172-4300-8718-112E817A6165", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "matchCriteriaId": "52B1BE89-BAE0-4656-943B-B9B81D9B54B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "matchCriteriaId": "D097222B-ED20-459C-9167-55751FA2C87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "matchCriteriaId": "86DDC8F2-7920-4A73-927E-562C89806972", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "matchCriteriaId": "9644CC68-1E91-45E7-8C53-1E3FC9976A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "matchCriteriaId": "9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "matchCriteriaId": "73934717-2DA3-4614-A076-D6EDA5EB0626", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "matchCriteriaId": "6AEBE689-3952-46F0-BACA-BB03041C6D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "matchCriteriaId": "499E52F3-4B34-4C47-8ABF-292928EBAA5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "matchCriteriaId": "D530BE19-ADCF-4B5C-99E0-2B9A1DE7717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "matchCriteriaId": "A7540155-3629-4C76-9C67-8A8E0C1067F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*", "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*", "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*", "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F02E634E-1E3D-4E44-BADA-76F92483A732", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "FCC2B07A-49EF-411F-8A4D-89435E22B043", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "7E9480D6-3B6A-4C41-B8C1-C3F945040772", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "matchCriteriaId": "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation." }, { "lang": "es", "value": "Desbordamiento de entero en OpenSSL anteriores a v0.9.8x, v1.0.0 anteriores a v1.0.0j, y v1.0.1 anteriores a v1.0.1c, cuando TLS v1.1, TLS v1.2, o DTLS es usado con cifrado CBC, permite a atacantes remotos a provocar una denegaci\u00f3n de servicio (sobre escritura del b\u00fafer) o posiblemente tener otros impactos no determinados a trav\u00e9s de paquetes TLS manipulados que no son gestionados de forma adecuada en ciertos c\u00e1lculos de vectores IV concretos." } ], "id": "CVE-2012-2333", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-05-14T22:55:03.070", "references": [ { "source": "secalert@redhat.com", "url": "http://cvs.openssl.org/chngview?cn=22538" }, { "source": "secalert@redhat.com", "url": "http://cvs.openssl.org/chngview?cn=22547" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/49116" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/49208" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/49324" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50768" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/51312" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT5784" }, { "source": "secalert@redhat.com", "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2475" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073" }, { "source": "secalert@redhat.com", "url": "http://www.openssl.org/news/secadv_20120510.txt" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53476" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1027057" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.openssl.org/chngview?cn=22538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.openssl.org/chngview?cn=22547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openssl.org/news/secadv_20120510.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-04 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openssl | openssl | * | |
redhat | openssl | 0.9.6-15 | |
redhat | openssl | 0.9.6b-3 | |
redhat | openssl | 0.9.7a-2 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 8.10 | |
canonical | ubuntu_linux | 9.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD28B423-FF29-4983-9FBD-68641B1C142A", "versionEndExcluding": "0.9.8i", "versionStartExcluding": "0.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*", "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*", "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*", "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello." }, { "lang": "es", "value": "ssl/s3_pkt.c en OpenSSL anteriores a v0.9.8i permite a los atacantes remotos, causar una denegaci\u00f3n de servicios (puntero NULO desreferenciado y ca\u00edda del \"daemon\"), a trav\u00e9s de un paquete ChangeCipherSpec DTLs que ocurre antes de ClientHello." } ], "id": "CVE-2009-1386", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-04T16:30:00.313", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Patch", "Third Party Advisory" ], "url": "http://cvs.openssl.org/chngview?cn=17369" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "http://rt.openssl.org/Ticket/Display.html?id=1679\u0026user=guest\u0026pass=guest" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35571" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35685" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35729" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "http://secunia.com/advisories/36533" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "http://secunia.com/advisories/38794" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38834" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/35174" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-792-1" }, { "source": "secalert@redhat.com", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50963" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/8873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory" ], "url": "http://cvs.openssl.org/chngview?cn=17369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "http://rt.openssl.org/Ticket/Display.html?id=1679\u0026user=guest\u0026pass=guest" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "http://secunia.com/advisories/35729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "http://secunia.com/advisories/36533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "http://secunia.com/advisories/38794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/35174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-792-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/8873" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-04 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openssl | openssl | * | |
redhat | openssl | 0.9.6-15 | |
redhat | openssl | 0.9.6b-3 | |
redhat | openssl | 0.9.7a-2 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 8.10 | |
canonical | ubuntu_linux | 9.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA054F35-6E05-4A24-9195-F80C0C2761DC", "versionEndExcluding": "0.9.8m", "versionStartIncluding": "0.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*", "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*", "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*", "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\"" }, { "lang": "es", "value": "La funci\u00f3n dtls1_retrieve_buffered_fragment en ssl/d1_both.c en OpenSSL anteriores a v1.0.0 Beta 2 permite a los atacantes causar una denegaci\u00f3n de servicios (puntero NULO desreferenciado y ca\u00edda de \"daemon\") a trav\u00e9s de un mensaje \"handshake\" DTLS fuera de secuencia, relativo a \"fragment bug\"." } ], "id": "CVE-2009-1387", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-04T16:30:00.343", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "http://cvs.openssl.org/chngview?cn=17958" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Patch", "Third Party Advisory" ], "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35571" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35685" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35729" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/36533" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37003" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38794" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38834" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-792-1" }, { "source": "secalert@redhat.com", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "source": "secalert@redhat.com", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740" }, { "source": "secalert@redhat.com", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "http://cvs.openssl.org/chngview?cn=17958" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory" ], "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/35729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/36533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-792-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-14 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "81FB3B26-CC83-4FA5-BDE1-05F35AB99741", "versionEndIncluding": "0.9.8l", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "matchCriteriaId": "27F417A1-5D97-4BC4-8B97-5AC40236DA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "B6231CAA-00A8-41CE-8436-B84518014CF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "A70AD93B-E876-4EAB-9970-752D42E15E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "matchCriteriaId": "716ADA01-38B8-4C15-A3BB-D9688DA30599", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "matchCriteriaId": "B73326F7-7DCE-4EDE-95D7-AE7AED263A14", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "EA2D251C-9C45-4EFE-8262-E88AB7CE713A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "matchCriteriaId": "6D81E175-E698-40EF-9601-425893FFB1FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "matchCriteriaId": "FA0F25B7-A172-4300-8718-112E817A6165", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "matchCriteriaId": "52B1BE89-BAE0-4656-943B-B9B81D9B54B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "matchCriteriaId": "D097222B-ED20-459C-9167-55751FA2C87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "matchCriteriaId": "86DDC8F2-7920-4A73-927E-562C89806972", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "matchCriteriaId": "9644CC68-1E91-45E7-8C53-1E3FC9976A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "matchCriteriaId": "9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "matchCriteriaId": "73934717-2DA3-4614-A076-D6EDA5EB0626", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*", "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*", "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*", "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F02E634E-1E3D-4E44-BADA-76F92483A732", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "FCC2B07A-49EF-411F-8A4D-89435E22B043", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678." }, { "lang": "es", "value": "Fuga de memoria en la funci\u00f3n zlib_stateful_finish en crypto/comp/c_zlib.c en OpenSSL v0.9.8l y anteriores, y v1.0.0 Beta a la Beta 4, permite a atacantes remoso provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de vectores que provocan llamadas incorrectas a la funci\u00f3n CRYPTO_free_all_ex_data, como se demostr\u00f3 usando SSLv3 y PHP con el Apache HTTP Server, una cuesti\u00f3n relacionada con el CVE-2008-1678." } ], "id": "CVE-2009-4355", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-01-14T19:30:00.390", "references": [ { "source": "cve@mitre.org", "url": "http://cvs.openssl.org/chngview?cn=19068" }, { "source": "cve@mitre.org", "url": "http://cvs.openssl.org/chngview?cn=19069" }, { "source": "cve@mitre.org", "url": "http://cvs.openssl.org/chngview?cn=19167" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38175" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38181" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38200" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/38761" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/39461" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/42724" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/42733" }, { "source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049" }, { "source": "cve@mitre.org", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-1970" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-884-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0124" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0839" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-3157" }, { "source": "cve@mitre.org", "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678" }, { "source": "cve@mitre.org", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.openssl.org/chngview?cn=19068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.openssl.org/chngview?cn=19069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.openssl.org/chngview?cn=19167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-1970" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-884-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-3157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-08 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "matchCriteriaId": "27F417A1-5D97-4BC4-8B97-5AC40236DA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "B6231CAA-00A8-41CE-8436-B84518014CF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "A70AD93B-E876-4EAB-9970-752D42E15E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "matchCriteriaId": "716ADA01-38B8-4C15-A3BB-D9688DA30599", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "matchCriteriaId": "B73326F7-7DCE-4EDE-95D7-AE7AED263A14", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "EA2D251C-9C45-4EFE-8262-E88AB7CE713A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "matchCriteriaId": "6D81E175-E698-40EF-9601-425893FFB1FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "matchCriteriaId": "FA0F25B7-A172-4300-8718-112E817A6165", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "matchCriteriaId": "52B1BE89-BAE0-4656-943B-B9B81D9B54B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "matchCriteriaId": "D097222B-ED20-459C-9167-55751FA2C87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "matchCriteriaId": "86DDC8F2-7920-4A73-927E-562C89806972", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "matchCriteriaId": "9644CC68-1E91-45E7-8C53-1E3FC9976A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "matchCriteriaId": "9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "matchCriteriaId": "73934717-2DA3-4614-A076-D6EDA5EB0626", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "matchCriteriaId": "6AEBE689-3952-46F0-BACA-BB03041C6D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "matchCriteriaId": "499E52F3-4B34-4C47-8ABF-292928EBAA5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "matchCriteriaId": "D530BE19-ADCF-4B5C-99E0-2B9A1DE7717F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "matchCriteriaId": "A7540155-3629-4C76-9C67-8A8E0C1067F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "matchCriteriaId": "419BBCCD-6F8A-418A-BA02-56267B11D948", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "matchCriteriaId": "8A3A2AF8-C7DD-43D0-B03F-37E7EB735C1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "matchCriteriaId": "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "matchCriteriaId": "764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "matchCriteriaId": "6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*", "matchCriteriaId": "2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*", "matchCriteriaId": "3EB3990A-3457-4CD6-9EEC-F2D4BC143932", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*", "matchCriteriaId": "06110A61-8857-46D5-BEE1-882197756DED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key." }, { "lang": "es", "value": "OpenSSL antes de v0.9.8y, v1.0.0 antes de v1.0.0k y v1.0.1 antes de v1.0.1d no realizar correctamente la verificaci\u00f3n de firmas para las respuestas OCSP, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una tecla no v\u00e1lida." } ], "id": "CVE-2013-0166", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-08T19:55:00.967", "references": [ { "source": "secalert@redhat.com", "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "source": "secalert@redhat.com", "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200" }, { "source": "secalert@redhat.com", "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/53623" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55108" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55139" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT5880" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2621" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "source": "secalert@redhat.com", "url": "http://www.splunk.com/view/SP-CAAAHXG" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "source": "secalert@redhat.com", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/53623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.splunk.com/view/SP-CAAAHXG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9CAFC15-178C-4176-9668-D4A04B63E77B", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C8D6949-89F4-40EF-98F4-8D15628DC345", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*", "matchCriteriaId": "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*", "matchCriteriaId": "6479D85C-1A12-486D-818C-6679F415CA26", "vulnerable": true }, { "criteria": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "287CF5FA-D0EC-4FD7-9718-973587EF34DF", "vulnerable": true }, { "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*", "matchCriteriaId": "C88168D4-7DB5-4720-8640-400BB680D0FD", "vulnerable": true }, { "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*", "matchCriteriaId": "968915A1-375B-4C69-BE11-9A393F7F1B0F", "vulnerable": true }, { "criteria": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11465DCA-72E5-40E9-9D8E-B3CD470C47E9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A4C5F60-B32D-4D85-BA28-AE11972ED614", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*", "matchCriteriaId": "6A5935C3-3D83-461F-BC26-E03362115C42", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "80AC523B-3106-46F2-B760-803DCF8061F4", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*", "matchCriteriaId": "F8B8D6F3-D15D-489F-A807-17E63F4831F2", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*", "matchCriteriaId": "808189BA-197F-49CE-933E-A728F395749C", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CC7EF0CD-EA39-457B-8E2E-9120B65A5835", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7BC2983F-5212-464B-AC21-8A897DEC1F58", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBF17989-D1F2-4B04-80BD-CFABDD482ABA", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*", "matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*", "matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*", "matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*", "matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*", "matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*", "matchCriteriaId": "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*", "matchCriteriaId": "32310AFE-38CC-4C6C-AE13-54C18720F2C0", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1E140F76-D078-4F58-89CF-3278CDCB9AF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D9D76A8D-832B-411E-A458-186733C66010", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*", "matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*", "matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*", "matchCriteriaId": "5BF29685-7FFC-4093-A1D4-21E4871AF5C6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*", "matchCriteriaId": "E72872C9-63AF-417F-BFAE-92B4D350C006", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*", "matchCriteriaId": "80BCF196-5E5A-4F31-BCE7-AA0C748CA922", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*", "matchCriteriaId": "970939C5-1E6F-47B6-97E6-7B2C1E019985", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*", "matchCriteriaId": "CD1F4148-E772-4708-8C1F-D67F969C11DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*", "matchCriteriaId": "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*", "matchCriteriaId": "09458CD7-D430-4957-8506-FAB2A3E2AA65", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*", "matchCriteriaId": "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8B87C95-4B34-4628-AD03-67D1DE13E097", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F04471C-732F-44EE-AD1B-6305C1DD7DDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E237919A-416B-4039-AAD2-7FAE1F4E100D", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "39149924-188C-40C1-B598-A9CD407C90DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E6501108-5455-48FE-AA82-37AFA5D7EC24", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*", "matchCriteriaId": "C1A3B951-A1F8-4291-82FA-AB7922D13ACE", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*", "matchCriteriaId": "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*", "matchCriteriaId": "9D0EF4A3-2FE5-41E4-A764-30B379ECF081", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*", "matchCriteriaId": "CCF6D59E-8AEA-4380-B86B-0803B2202F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*", "matchCriteriaId": "140ABF28-FA39-4D77-AEB2-304962ED48C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*", "matchCriteriaId": "09473DD9-5114-44C5-B56C-6630FBEBCACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7ECD3A4-5A39-4222-8350-524F11D8FFB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*", "matchCriteriaId": "D36C140D-E80C-479A-ADA7-18E901549059", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "940712E9-B041-4B7F-BD02-7DD0AE596D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "03B887A2-9025-4C5B-8901-71BC63BF5293", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "33264586-7160-4550-9FF9-4101D72F5C9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE5E6521-0611-4473-82AC-21655F10FEC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*", "matchCriteriaId": "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*", "matchCriteriaId": "8C83ABA2-87CD-429B-9800-590F8256B064", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*", "matchCriteriaId": "A4D9A576-2878-4AC4-AC95-E69CB8A84A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*", "matchCriteriaId": "0A1A0B02-CF33-401F-9AB2-D595E586C795", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*", "matchCriteriaId": "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "90FB3825-21A6-4DBE-8188-67672DBE01CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "80623E58-8B46-4559-89A4-C329AACF3CB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "AEE6C228-CD93-4636-868B-C19BC1674BE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "A645148C-AD0D-46C1-BEE3-10F5C9066279", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*", "matchCriteriaId": "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*", "matchCriteriaId": "02029D75-FAF2-4842-9246-079C7DE36417", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*", "matchCriteriaId": "E0146341-364C-4085-A2E1-BC8C260FBA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*", "matchCriteriaId": "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8496E0D-2507-4C25-A122-0B846CBCA72A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E383F2A-DFCF-47F8-94EE-3563D41EA597", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2D87EF0-056E-4128-89EB-2803ED83DEE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB3163C1-2044-44DA-9C88-076D75FDF1EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "07E1B690-C58B-4C08-A757-F3DF451FDAAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "31F0E14C-7681-4D1A-B982-A51E450B93A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*", "matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC604680-2E9E-4DC4-ACDD-74D552A45BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*", "matchCriteriaId": "37A94436-D092-4C7E-B87B-63BC621EE82E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*", "matchCriteriaId": "862165CF-3CFB-4C6E-8238-86FA85F243C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*", "matchCriteriaId": "056F3336-BAA8-4A03-90B4-7B31710FC1B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "9FDC2510-FBB9-429A-B6D4-10AB11F93960", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "5D45127E-A544-40A0-9D34-BD70D95C9772", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*", "matchCriteriaId": "56C69C3E-C895-45C8-8182-7BB412A0C828", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775", "vulnerable": true }, { "criteria": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*", "matchCriteriaId": "B931D4F8-23F5-4ABA-A457-959995D30C58", "vulnerable": true }, { "criteria": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*", "matchCriteriaId": "BE6A023E-9C2A-487F-B5CE-674C766BFE75", "vulnerable": true }, { "criteria": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*", "matchCriteriaId": "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A045971-8756-47E8-9044-C39D08B36F1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CAA95881-7231-4FDA-AF73-04DF9FF0B64C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "62B7F6AD-EDBD-4B09-BDB2-795ED114F2AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F045AB7B-1551-46E5-A5CC-BF13C1BB49F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "44E85930-3AAD-420B-8E3E-AEC57344F6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "52FD4485-BCA2-485A-A0CF-F8152C9DBFA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF53BE4-FE2D-4D63-BD0F-A423D0FE3BE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "00993464-BE09-4691-B3F0-51BBA9FB80C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "896AB39E-2078-4BA2-9522-477BD5F98FD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB9279EC-47CF-45F1-B4CC-B2B332E82E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7300C3E-8105-4C23-89B9-7D29CED18C15", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "90C59DB2-48DA-4172-A1F5-25CF3B5097AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "715F4E0B-7E4B-4520-A987-9B3ED3136B75", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "9CA1F606-C558-40FD-9300-6E2796F47BA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A037FAA6-6D26-4496-BC67-03475B4D1155", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3831DD3-E783-4200-8986-FDBF7DD9BA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "699764B6-0F86-4AB0-86A3-4F2E69AD820C", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*", "matchCriteriaId": "E1B83F84-D1EF-43B4-8620-3C1BCCE44553", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "41169D2F-4F16-466A-82E9-AD0735472B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "947699C3-D9DE-411A-99C0-44ADD1D2223A", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "15F668C0-8420-4401-AB0F-479575596CF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDDCC7B6-34CA-4551-9833-306B93E517BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "6D69C160-39F7-48B8-B9A3-CC86690453C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8FA6420B-9F6A-48F4-A445-12B60A320347", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*", "matchCriteriaId": "09F3FB7B-0F68-49F3-A3B7-977A687A42E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*", "matchCriteriaId": "088F2FF7-96E5-455E-A35B-D99F9854EC6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*", "matchCriteriaId": "FFA721BF-1B2E-479F-BF25-02D441BF175B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*", "matchCriteriaId": "AFEDCE49-21CC-4168-818F-4C638EE3B077", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*", "matchCriteriaId": "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF1A5808-6D5D-48AD-9470-5A6510D17913", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "8D09E11C-C5BB-409E-BB0D-7F351250419B", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B06A05D-AA31-441D-9FC2-3558648C3B7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0886901-6F93-44C1-B774-84D7E5D9554C", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F203A80-7C1E-4A04-8E99-63525E176753", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA0A204C-158B-4014-A53C-75E0CD63E0DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "085BA581-7DA5-4FA4-A888-351281FD0A7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "EA1C4B3C-5701-4233-BA94-28915713F9C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "28D9F8D7-698A-486A-918A-7DB5CAFBB3CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D125C2A0-A4B5-48D6-A38A-54755C3FDF4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F85F672-0F21-4AD7-8620-13D82F2ECC22", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "89070041-613A-4F7B-BD6A-C6091D21FC52", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9A71933-4BD5-4B11-8B14-D997E75F29CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B6BE11D-FC02-4950-A554-08CC9D8B1853", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A53FD0E1-9BAA-43F0-BCC9-0BE8D4356F55", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B80ADAE8-94D4-46A4-A5ED-FF134D808B52", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "69FA0221-5073-4D45-950F-119497B53FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C4AE5B43-7C90-4C2A-A215-30F5EC5841C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2CC1A110-B203-4962-8E1A-74BD98121AF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5A92C4D-B024-4D39-9479-409C39586F64", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E7E0C4F5-CF02-4FF6-AE9B-5B6B70D5C067", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E8998CC-E372-46D0-8339-47DC8D92D253", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AF131FDC-BF8D-4A17-99F0-444EB900E83D", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "880811B3-E78E-456E-972E-DE733F368576", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "22411F18-2B93-405A-A3B5-2CF0A04977C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C71188B7-E6DC-41E5-B619-367341113501", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "07491444-0196-4504-A971-A5E388B86BBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "72BC6CD2-3291-4E69-8DC6-F3AB853F8931", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD43EDDF-58A7-4705-B8C7-FD76C35A437D", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "A7C2E603-568F-40F6-9A7C-439E2A51B37F", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "703421A7-E8C5-450B-97EF-FD9D99D4B834", "vulnerable": true }, { "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*", "matchCriteriaId": "9519BCB2-B401-44CE-97F6-847BB36AE45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*", "matchCriteriaId": "BBE573E8-DD94-4293-99AE-27B9067B3ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*", "matchCriteriaId": "D14413DA-5199-4282-9E22-D347E9D8E469", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*", "matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*", "matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*", "matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019", "vulnerable": true }, { "criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF28C435-C036-4507-8E3F-44E722F9974A", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F2CDFE7-6853-4A31-85C0-50C57A8D606A", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*", "matchCriteriaId": "408A9DB0-81EF-4186-B338-44954E67289B", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*", "matchCriteriaId": "303362A5-9C3C-4C85-8C97-2AB12CE01BF6", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "FED22DC1-E06B-4511-B920-6DAB792262D8", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*", "matchCriteriaId": "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F757B2A7-869F-4702-81EB-466317A79D61", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*", "matchCriteriaId": "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F", "vulnerable": true }, { "criteria": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "64AF1E33-4086-43E2-8F54-DA75A99D4B75", "vulnerable": true }, { "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "53D16F03-A4C7-4497-AB74-499F208FF059", "vulnerable": true }, { "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "13A33EC1-836B-4C8C-AC18-B5BD4F90E612", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*", "matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*", "matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*", "matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*", "matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference." }, { "lang": "es", "value": "La funci\u00f3n do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (ca\u00edda) mediante una h\u00e1bil uni\u00f3n SSL/TLS que provoca un puntero nulo." } ], "id": "CVE-2004-0079", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2004-11-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/11139" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/17381" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/17398" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/17401" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/18247" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2004/dsa-465" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/288574" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9899" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/11139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/17381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/17398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/17401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/18247" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2004/dsa-465" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/288574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9CAFC15-178C-4176-9668-D4A04B63E77B", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C8D6949-89F4-40EF-98F4-8D15628DC345", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*", "matchCriteriaId": "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*", "matchCriteriaId": "6479D85C-1A12-486D-818C-6679F415CA26", "vulnerable": true }, { "criteria": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "287CF5FA-D0EC-4FD7-9718-973587EF34DF", "vulnerable": true }, { "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*", "matchCriteriaId": "C88168D4-7DB5-4720-8640-400BB680D0FD", "vulnerable": true }, { "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*", "matchCriteriaId": "968915A1-375B-4C69-BE11-9A393F7F1B0F", "vulnerable": true }, { "criteria": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11465DCA-72E5-40E9-9D8E-B3CD470C47E9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A4C5F60-B32D-4D85-BA28-AE11972ED614", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*", "matchCriteriaId": "6A5935C3-3D83-461F-BC26-E03362115C42", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "80AC523B-3106-46F2-B760-803DCF8061F4", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*", "matchCriteriaId": "F8B8D6F3-D15D-489F-A807-17E63F4831F2", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*", "matchCriteriaId": "808189BA-197F-49CE-933E-A728F395749C", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CC7EF0CD-EA39-457B-8E2E-9120B65A5835", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7BC2983F-5212-464B-AC21-8A897DEC1F58", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBF17989-D1F2-4B04-80BD-CFABDD482ABA", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*", "matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*", "matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*", "matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*", "matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*", "matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*", "matchCriteriaId": "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*", "matchCriteriaId": "32310AFE-38CC-4C6C-AE13-54C18720F2C0", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1E140F76-D078-4F58-89CF-3278CDCB9AF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D9D76A8D-832B-411E-A458-186733C66010", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*", "matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*", "matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*", "matchCriteriaId": "5BF29685-7FFC-4093-A1D4-21E4871AF5C6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*", "matchCriteriaId": "E72872C9-63AF-417F-BFAE-92B4D350C006", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*", "matchCriteriaId": "80BCF196-5E5A-4F31-BCE7-AA0C748CA922", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*", "matchCriteriaId": "970939C5-1E6F-47B6-97E6-7B2C1E019985", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*", "matchCriteriaId": "CD1F4148-E772-4708-8C1F-D67F969C11DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*", "matchCriteriaId": "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*", "matchCriteriaId": "09458CD7-D430-4957-8506-FAB2A3E2AA65", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*", "matchCriteriaId": "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8B87C95-4B34-4628-AD03-67D1DE13E097", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F04471C-732F-44EE-AD1B-6305C1DD7DDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E237919A-416B-4039-AAD2-7FAE1F4E100D", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "39149924-188C-40C1-B598-A9CD407C90DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E6501108-5455-48FE-AA82-37AFA5D7EC24", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*", "matchCriteriaId": "C1A3B951-A1F8-4291-82FA-AB7922D13ACE", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*", "matchCriteriaId": "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*", "matchCriteriaId": "9D0EF4A3-2FE5-41E4-A764-30B379ECF081", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*", "matchCriteriaId": "CCF6D59E-8AEA-4380-B86B-0803B2202F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*", "matchCriteriaId": "140ABF28-FA39-4D77-AEB2-304962ED48C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*", "matchCriteriaId": "09473DD9-5114-44C5-B56C-6630FBEBCACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7ECD3A4-5A39-4222-8350-524F11D8FFB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*", "matchCriteriaId": "D36C140D-E80C-479A-ADA7-18E901549059", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "940712E9-B041-4B7F-BD02-7DD0AE596D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "03B887A2-9025-4C5B-8901-71BC63BF5293", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "33264586-7160-4550-9FF9-4101D72F5C9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE5E6521-0611-4473-82AC-21655F10FEC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*", "matchCriteriaId": "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*", "matchCriteriaId": "8C83ABA2-87CD-429B-9800-590F8256B064", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*", "matchCriteriaId": "A4D9A576-2878-4AC4-AC95-E69CB8A84A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*", "matchCriteriaId": "0A1A0B02-CF33-401F-9AB2-D595E586C795", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*", "matchCriteriaId": "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "90FB3825-21A6-4DBE-8188-67672DBE01CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "80623E58-8B46-4559-89A4-C329AACF3CB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "AEE6C228-CD93-4636-868B-C19BC1674BE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "A645148C-AD0D-46C1-BEE3-10F5C9066279", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation:*:*:*:*:*:*:*", "matchCriteriaId": "C48F4DF4-8091-45D0-9F80-F760500B1202", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*", "matchCriteriaId": "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*", "matchCriteriaId": "02029D75-FAF2-4842-9246-079C7DE36417", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*", "matchCriteriaId": "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8496E0D-2507-4C25-A122-0B846CBCA72A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E383F2A-DFCF-47F8-94EE-3563D41EA597", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2D87EF0-056E-4128-89EB-2803ED83DEE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB3163C1-2044-44DA-9C88-076D75FDF1EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "07E1B690-C58B-4C08-A757-F3DF451FDAAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "31F0E14C-7681-4D1A-B982-A51E450B93A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*", "matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC604680-2E9E-4DC4-ACDD-74D552A45BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*", "matchCriteriaId": "37A94436-D092-4C7E-B87B-63BC621EE82E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*", "matchCriteriaId": "862165CF-3CFB-4C6E-8238-86FA85F243C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*", "matchCriteriaId": "056F3336-BAA8-4A03-90B4-7B31710FC1B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "9FDC2510-FBB9-429A-B6D4-10AB11F93960", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "5D45127E-A544-40A0-9D34-BD70D95C9772", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*", "matchCriteriaId": "56C69C3E-C895-45C8-8182-7BB412A0C828", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775", "vulnerable": true }, { "criteria": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*", "matchCriteriaId": "B931D4F8-23F5-4ABA-A457-959995D30C58", "vulnerable": true }, { "criteria": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*", "matchCriteriaId": "BE6A023E-9C2A-487F-B5CE-674C766BFE75", "vulnerable": true }, { "criteria": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*", "matchCriteriaId": "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A045971-8756-47E8-9044-C39D08B36F1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CAA95881-7231-4FDA-AF73-04DF9FF0B64C", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "62B7F6AD-EDBD-4B09-BDB2-795ED114F2AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F045AB7B-1551-46E5-A5CC-BF13C1BB49F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "44E85930-3AAD-420B-8E3E-AEC57344F6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "52FD4485-BCA2-485A-A0CF-F8152C9DBFA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF53BE4-FE2D-4D63-BD0F-A423D0FE3BE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "00993464-BE09-4691-B3F0-51BBA9FB80C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "896AB39E-2078-4BA2-9522-477BD5F98FD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB9279EC-47CF-45F1-B4CC-B2B332E82E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7300C3E-8105-4C23-89B9-7D29CED18C15", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "90C59DB2-48DA-4172-A1F5-25CF3B5097AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "715F4E0B-7E4B-4520-A987-9B3ED3136B75", "vulnerable": true }, { "criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "9CA1F606-C558-40FD-9300-6E2796F47BA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A037FAA6-6D26-4496-BC67-03475B4D1155", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3831DD3-E783-4200-8986-FDBF7DD9BA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "699764B6-0F86-4AB0-86A3-4F2E69AD820C", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*", "matchCriteriaId": "E1B83F84-D1EF-43B4-8620-3C1BCCE44553", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "41169D2F-4F16-466A-82E9-AD0735472B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "947699C3-D9DE-411A-99C0-44ADD1D2223A", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "15F668C0-8420-4401-AB0F-479575596CF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDDCC7B6-34CA-4551-9833-306B93E517BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "6D69C160-39F7-48B8-B9A3-CC86690453C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8FA6420B-9F6A-48F4-A445-12B60A320347", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*", "matchCriteriaId": "09F3FB7B-0F68-49F3-A3B7-977A687A42E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*", "matchCriteriaId": "088F2FF7-96E5-455E-A35B-D99F9854EC6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*", "matchCriteriaId": "FFA721BF-1B2E-479F-BF25-02D441BF175B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*", "matchCriteriaId": "AFEDCE49-21CC-4168-818F-4C638EE3B077", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*", "matchCriteriaId": "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF1A5808-6D5D-48AD-9470-5A6510D17913", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "8D09E11C-C5BB-409E-BB0D-7F351250419B", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B06A05D-AA31-441D-9FC2-3558648C3B7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0886901-6F93-44C1-B774-84D7E5D9554C", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F203A80-7C1E-4A04-8E99-63525E176753", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA0A204C-158B-4014-A53C-75E0CD63E0DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "085BA581-7DA5-4FA4-A888-351281FD0A7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "EA1C4B3C-5701-4233-BA94-28915713F9C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "28D9F8D7-698A-486A-918A-7DB5CAFBB3CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D125C2A0-A4B5-48D6-A38A-54755C3FDF4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F85F672-0F21-4AD7-8620-13D82F2ECC22", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "89070041-613A-4F7B-BD6A-C6091D21FC52", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9A71933-4BD5-4B11-8B14-D997E75F29CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B6BE11D-FC02-4950-A554-08CC9D8B1853", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A53FD0E1-9BAA-43F0-BCC9-0BE8D4356F55", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B80ADAE8-94D4-46A4-A5ED-FF134D808B52", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "69FA0221-5073-4D45-950F-119497B53FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C4AE5B43-7C90-4C2A-A215-30F5EC5841C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2CC1A110-B203-4962-8E1A-74BD98121AF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B5A92C4D-B024-4D39-9479-409C39586F64", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E7E0C4F5-CF02-4FF6-AE9B-5B6B70D5C067", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E8998CC-E372-46D0-8339-47DC8D92D253", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AF131FDC-BF8D-4A17-99F0-444EB900E83D", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "880811B3-E78E-456E-972E-DE733F368576", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "22411F18-2B93-405A-A3B5-2CF0A04977C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C71188B7-E6DC-41E5-B619-367341113501", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "07491444-0196-4504-A971-A5E388B86BBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "72BC6CD2-3291-4E69-8DC6-F3AB853F8931", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD43EDDF-58A7-4705-B8C7-FD76C35A437D", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "A7C2E603-568F-40F6-9A7C-439E2A51B37F", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "703421A7-E8C5-450B-97EF-FD9D99D4B834", "vulnerable": true }, { "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*", "matchCriteriaId": "9519BCB2-B401-44CE-97F6-847BB36AE45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*", "matchCriteriaId": "BBE573E8-DD94-4293-99AE-27B9067B3ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*", "matchCriteriaId": "D14413DA-5199-4282-9E22-D347E9D8E469", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*", "matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*", "matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*", "matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019", "vulnerable": true }, { "criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF28C435-C036-4507-8E3F-44E722F9974A", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F2CDFE7-6853-4A31-85C0-50C57A8D606A", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*", "matchCriteriaId": "408A9DB0-81EF-4186-B338-44954E67289B", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*", "matchCriteriaId": "303362A5-9C3C-4C85-8C97-2AB12CE01BF6", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "FED22DC1-E06B-4511-B920-6DAB792262D8", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*", "matchCriteriaId": "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F757B2A7-869F-4702-81EB-466317A79D61", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*", "matchCriteriaId": "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F", "vulnerable": true }, { "criteria": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "64AF1E33-4086-43E2-8F54-DA75A99D4B75", "vulnerable": true }, { "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "53D16F03-A4C7-4497-AB74-499F208FF059", "vulnerable": true }, { "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "13A33EC1-836B-4C8C-AC18-B5BD4F90E612", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*", "matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*", "matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*", "matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*", "matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool." }, { "lang": "es", "value": "OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS." } ], "id": "CVE-2004-0081", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "source": "cve@mitre.org", "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/11139" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "source": "cve@mitre.org", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-465" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/465542" }, { "source": "cve@mitre.org", "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9899" }, { "source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2004/0012" }, { "source": "cve@mitre.org", "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-465" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/465542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2004/0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9CAFC15-178C-4176-9668-D4A04B63E77B", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C8D6949-89F4-40EF-98F4-8D15628DC345", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*", "matchCriteriaId": "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*", "matchCriteriaId": "6479D85C-1A12-486D-818C-6679F415CA26", "vulnerable": true }, { "criteria": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "287CF5FA-D0EC-4FD7-9718-973587EF34DF", "vulnerable": true }, { "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*", "matchCriteriaId": "C88168D4-7DB5-4720-8640-400BB680D0FD", "vulnerable": true }, { "criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*", "matchCriteriaId": "968915A1-375B-4C69-BE11-9A393F7F1B0F", "vulnerable": true }, { "criteria": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "11465DCA-72E5-40E9-9D8E-B3CD470C47E9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A4C5F60-B32D-4D85-BA28-AE11972ED614", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*", "matchCriteriaId": "6A5935C3-3D83-461F-BC26-E03362115C42", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "80AC523B-3106-46F2-B760-803DCF8061F4", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*", "matchCriteriaId": "F8B8D6F3-D15D-489F-A807-17E63F4831F2", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*", "matchCriteriaId": "808189BA-197F-49CE-933E-A728F395749C", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CC7EF0CD-EA39-457B-8E2E-9120B65A5835", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7BC2983F-5212-464B-AC21-8A897DEC1F58", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "EBF17989-D1F2-4B04-80BD-CFABDD482ABA", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*", "matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*", "matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*", "matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*", "matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*", "matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*", "matchCriteriaId": "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*", "matchCriteriaId": "32310AFE-38CC-4C6C-AE13-54C18720F2C0", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1E140F76-D078-4F58-89CF-3278CDCB9AF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D9D76A8D-832B-411E-A458-186733C66010", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*", "matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*", "matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*", "matchCriteriaId": "5BF29685-7FFC-4093-A1D4-21E4871AF5C6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*", "matchCriteriaId": "E72872C9-63AF-417F-BFAE-92B4D350C006", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*", "matchCriteriaId": "80BCF196-5E5A-4F31-BCE7-AA0C748CA922", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*", "matchCriteriaId": "970939C5-1E6F-47B6-97E6-7B2C1E019985", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*", "matchCriteriaId": "CD1F4148-E772-4708-8C1F-D67F969C11DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*", "matchCriteriaId": "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*", "matchCriteriaId": "09458CD7-D430-4957-8506-FAB2A3E2AA65", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*", "matchCriteriaId": "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8B87C95-4B34-4628-AD03-67D1DE13E097", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F04471C-732F-44EE-AD1B-6305C1DD7DDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E237919A-416B-4039-AAD2-7FAE1F4E100D", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "39149924-188C-40C1-B598-A9CD407C90DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E6501108-5455-48FE-AA82-37AFA5D7EC24", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*", "matchCriteriaId": "C1A3B951-A1F8-4291-82FA-AB7922D13ACE", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*", "matchCriteriaId": "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*", "matchCriteriaId": "9D0EF4A3-2FE5-41E4-A764-30B379ECF081", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*", "matchCriteriaId": "CCF6D59E-8AEA-4380-B86B-0803B2202F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*", "matchCriteriaId": "140ABF28-FA39-4D77-AEB2-304962ED48C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*", "matchCriteriaId": "09473DD9-5114-44C5-B56C-6630FBEBCACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7ECD3A4-5A39-4222-8350-524F11D8FFB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*", "matchCriteriaId": "D36C140D-E80C-479A-ADA7-18E901549059", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "940712E9-B041-4B7F-BD02-7DD0AE596D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "03B887A2-9025-4C5B-8901-71BC63BF5293", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "33264586-7160-4550-9FF9-4101D72F5C9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE5E6521-0611-4473-82AC-21655F10FEC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*", "matchCriteriaId": "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*", "matchCriteriaId": "8C83ABA2-87CD-429B-9800-590F8256B064", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*", "matchCriteriaId": "A4D9A576-2878-4AC4-AC95-E69CB8A84A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*", "matchCriteriaId": "0A1A0B02-CF33-401F-9AB2-D595E586C795", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*", "matchCriteriaId": "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "90FB3825-21A6-4DBE-8188-67672DBE01CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "80623E58-8B46-4559-89A4-C329AACF3CB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "AEE6C228-CD93-4636-868B-C19BC1674BE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "A645148C-AD0D-46C1-BEE3-10F5C9066279", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*", "matchCriteriaId": "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*", "matchCriteriaId": "02029D75-FAF2-4842-9246-079C7DE36417", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*", "matchCriteriaId": "E0146341-364C-4085-A2E1-BC8C260FBA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*", "matchCriteriaId": "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8496E0D-2507-4C25-A122-0B846CBCA72A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E383F2A-DFCF-47F8-94EE-3563D41EA597", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2D87EF0-056E-4128-89EB-2803ED83DEE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB3163C1-2044-44DA-9C88-076D75FDF1EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*", "matchCriteriaId": "07E1B690-C58B-4C08-A757-F3DF451FDAAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "31F0E14C-7681-4D1A-B982-A51E450B93A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*", "matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC604680-2E9E-4DC4-ACDD-74D552A45BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*", "matchCriteriaId": "37A94436-D092-4C7E-B87B-63BC621EE82E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*", "matchCriteriaId": "862165CF-3CFB-4C6E-8238-86FA85F243C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*", "matchCriteriaId": "056F3336-BAA8-4A03-90B4-7B31710FC1B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "9FDC2510-FBB9-429A-B6D4-10AB11F93960", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "5D45127E-A544-40A0-9D34-BD70D95C9772", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*", "matchCriteriaId": "56C69C3E-C895-45C8-8182-7BB412A0C828", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:1.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "FF2AD44D-3BE8-4541-B62D-9F01D46F8E6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:1.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "8BF2E08B-9046-41A1-BEDE-EB0B6436315C", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "811E1BE8-3868-49F8-B6E8-D5705559B02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "D67C9DB4-E46C-4E84-82D9-AF48EFDAEFBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0E1BF0-6629-40DC-AB23-0256BABD0CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AC4E7E5-FCC1-46B0-B69F-F1F6B36838ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C4AED89-F862-4071-8E94-481A59EDAE8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A3CB6FF-3840-4E80-A0A4-614D6686D2B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "67010B0B-ECE7-4EE5-B103-05DC637E150F", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1355EF99-35FC-44A7-BC56-F7C0EA49BF0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "6DDA8F10-B059-4403-A790-EFC8822588B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A06BCD31-3FB6-468B-9BC9-EA573717B19F", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "360238CC-3BF5-4750-B16D-8A2E0257022E", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0C55C754-E213-4E79-AA7B-2CAF8A464388", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "647BA524-5A79-408C-BBF2-5780BC522B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D599C49D-4D7D-4C44-9D8D-A3F76746BBA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B4DC717-0785-4C19-8A33-ACA5F378DF3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:forcepoint:stonegate:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "858843D3-84BB-48B6-80D1-1271AE60150D", "vulnerable": true }, { "criteria": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*", "matchCriteriaId": "B931D4F8-23F5-4ABA-A457-959995D30C58", "vulnerable": true }, { "criteria": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*", "matchCriteriaId": "BE6A023E-9C2A-487F-B5CE-674C766BFE75", "vulnerable": true }, { "criteria": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*", "matchCriteriaId": "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A7B80E0-40BB-4B4E-9711-AF293A038DD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9EFCFFE8-9CAD-4A7F-9751-8627E6297C9F", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3653856-207E-46A7-92DD-D7F377F1829A", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E4627BB-0D75-44BC-989F-0E85C9FA0E2B", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "19053434-F9E7-4839-AB5A-B226CC4616A5", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D04CABBA-7BEB-44EC-A6E4-A31E41A62BD7", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "8D15C938-4DAB-4011-80EE-A2663E20BFC1", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9C056ED-2492-4B1C-BCB9-4F36806C4A48", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A72FC232-A2CB-443B-9A4A-8BBFEFE6517C", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:-:*:*:*:*:*:*", "matchCriteriaId": "BA347CD3-0619-4EA2-A736-B59EE9E3AC12", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "4ACEF29C-3225-43A7-9E07-FBCCF555887E", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "46D932AF-FB1A-464D-BA3D-2DC2D3C187CD", "vulnerable": false }, { "criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "9F532860-9E26-45C3-9FB3-6B0888F1279A", "vulnerable": false }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A037FAA6-6D26-4496-BC67-03475B4D1155", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3831DD3-E783-4200-8986-FDBF7DD9BA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "699764B6-0F86-4AB0-86A3-4F2E69AD820C", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*", "matchCriteriaId": "E1B83F84-D1EF-43B4-8620-3C1BCCE44553", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "41169D2F-4F16-466A-82E9-AD0735472B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "947699C3-D9DE-411A-99C0-44ADD1D2223A", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "15F668C0-8420-4401-AB0F-479575596CF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDDCC7B6-34CA-4551-9833-306B93E517BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "6D69C160-39F7-48B8-B9A3-CC86690453C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8FA6420B-9F6A-48F4-A445-12B60A320347", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*", "matchCriteriaId": "09F3FB7B-0F68-49F3-A3B7-977A687A42E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*", "matchCriteriaId": "088F2FF7-96E5-455E-A35B-D99F9854EC6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*", "matchCriteriaId": "FFA721BF-1B2E-479F-BF25-02D441BF175B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*", "matchCriteriaId": "AFEDCE49-21CC-4168-818F-4C638EE3B077", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*", "matchCriteriaId": "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF1A5808-6D5D-48AD-9470-5A6510D17913", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "8D09E11C-C5BB-409E-BB0D-7F351250419B", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B06A05D-AA31-441D-9FC2-3558648C3B7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0886901-6F93-44C1-B774-84D7E5D9554C", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F203A80-7C1E-4A04-8E99-63525E176753", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA0A204C-158B-4014-A53C-75E0CD63E0DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "085BA581-7DA5-4FA4-A888-351281FD0A7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*", "matchCriteriaId": "9519BCB2-B401-44CE-97F6-847BB36AE45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*", "matchCriteriaId": "BBE573E8-DD94-4293-99AE-27B9067B3ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*", "matchCriteriaId": "D14413DA-5199-4282-9E22-D347E9D8E469", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*", "matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*", "matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*", "matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB", "vulnerable": true }, { "criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019", "vulnerable": true }, { "criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF28C435-C036-4507-8E3F-44E722F9974A", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F2CDFE7-6853-4A31-85C0-50C57A8D606A", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*", "matchCriteriaId": "408A9DB0-81EF-4186-B338-44954E67289B", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*", "matchCriteriaId": "303362A5-9C3C-4C85-8C97-2AB12CE01BF6", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "FED22DC1-E06B-4511-B920-6DAB792262D8", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*", "matchCriteriaId": "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F757B2A7-869F-4702-81EB-466317A79D61", "vulnerable": true }, { "criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*", "matchCriteriaId": "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F", "vulnerable": true }, { "criteria": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "64AF1E33-4086-43E2-8F54-DA75A99D4B75", "vulnerable": true }, { "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "53D16F03-A4C7-4497-AB74-499F208FF059", "vulnerable": true }, { "criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "13A33EC1-836B-4C8C-AC18-B5BD4F90E612", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*", "matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*", "matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*", "matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*", "matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read." }, { "lang": "es", "value": "El c\u00f3digo que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio." } ], "id": "CVE-2004-0112", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/11139" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/484726" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9899" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/11139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/484726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-1387 (GCVE-0-2009-1387)
Vulnerability from cvelistv5
Published
2009-06-04 16:00
Modified
2024-08-07 05:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.436Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38794" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=17958" }, { "name": "35729", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35729" }, { "name": "GLSA-200912-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1" }, { "name": "RHSA-2009:1335", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" }, { "name": "HPSBMA02492", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "name": "37003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37003" }, { "name": "36533", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36533" }, { "name": "USN-792-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-792-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest" }, { "name": "oval:org.mitre.oval:def:7592", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html" }, { "name": "NetBSD-SA2009-009", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" }, { "name": "38834", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38834" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35685" }, { "name": "35571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35571" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "oval:org.mitre.oval:def:10740", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net" }, { "name": "SSRT100079", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "name": "ADV-2010-0528", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0528" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "38794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38794" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=17958" }, { "name": "35729", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35729" }, { "name": "GLSA-200912-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1" }, { "name": "RHSA-2009:1335", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" }, { "name": "HPSBMA02492", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "name": "37003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37003" }, { "name": "36533", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36533" }, { "name": "USN-792-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-792-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest" }, { "name": "oval:org.mitre.oval:def:7592", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html" }, { "name": "NetBSD-SA2009-009", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" }, { "name": "38834", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38834" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35685" }, { "name": "35571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35571" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "oval:org.mitre.oval:def:10740", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net" }, { "name": "SSRT100079", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "name": "ADV-2010-0528", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0528" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-1387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38794", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38794" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "name": "http://cvs.openssl.org/chngview?cn=17958", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=17958" }, { "name": "35729", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35729" }, { "name": "GLSA-200912-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1" }, { "name": "RHSA-2009:1335", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" }, { "name": "HPSBMA02492", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "name": "37003", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37003" }, { "name": "36533", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36533" }, { "name": "USN-792-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-792-1" }, { "name": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest", "refsource": "CONFIRM", "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest" }, { "name": "oval:org.mitre.oval:def:7592", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592" }, { "name": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html", "refsource": "CONFIRM", "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html" }, { "name": "NetBSD-SA2009-009", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" }, { "name": "38834", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38834" }, { "name": "35685", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35685" }, { "name": "35571", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35571" }, { "name": "SUSE-SR:2009:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "oval:org.mitre.oval:def:10740", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740" }, { "name": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net", "refsource": "CONFIRM", "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net" }, { "name": "SSRT100079", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "name": "ADV-2010-0528", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0528" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1387", "datePublished": "2009-06-04T16:00:00", "dateReserved": "2009-04-23T00:00:00", "dateUpdated": "2024-08-07T05:13:25.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1386 (GCVE-0-2009-1386)
Vulnerability from cvelistv5
Published
2009-06-04 16:00
Modified
2024-08-07 05:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38794" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "name": "35729", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35729" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=17369" }, { "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1" }, { "name": "RHSA-2009:1335", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" }, { "name": "HPSBMA02492", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "name": "36533", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36533" }, { "name": "oval:org.mitre.oval:def:11179", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179" }, { "name": "USN-792-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-792-1" }, { "name": "oval:org.mitre.oval:def:7469", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rt.openssl.org/Ticket/Display.html?id=1679\u0026user=guest\u0026pass=guest" }, { "name": "NetBSD-SA2009-009", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" }, { "name": "38834", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38834" }, { "name": "openssl-changecipherspec-dos(50963)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50963" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35685" }, { "name": "8873", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/8873" }, { "name": "35571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35571" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "35174", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35174" }, { "name": "SSRT100079", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "name": "ADV-2010-0528", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0528" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-02T00:00:00", "descriptions": [ { "lang": "en", "value": "ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "38794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38794" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "name": "35729", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35729" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=17369" }, { "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1" }, { "name": "RHSA-2009:1335", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" }, { "name": "HPSBMA02492", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "name": "36533", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36533" }, { "name": "oval:org.mitre.oval:def:11179", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179" }, { "name": "USN-792-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-792-1" }, { "name": "oval:org.mitre.oval:def:7469", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rt.openssl.org/Ticket/Display.html?id=1679\u0026user=guest\u0026pass=guest" }, { "name": "NetBSD-SA2009-009", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" }, { "name": "38834", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38834" }, { "name": "openssl-changecipherspec-dos(50963)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50963" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35685" }, { "name": "8873", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/8873" }, { "name": "35571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35571" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "35174", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35174" }, { "name": "SSRT100079", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" }, { "name": "ADV-2010-0528", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0528" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1386", "datePublished": "2009-06-04T16:00:00", "dateReserved": "2009-04-23T00:00:00", "dateUpdated": "2024-08-07T05:13:25.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2333 (GCVE-0-2012-2333)
Vulnerability from cvelistv5
Published
2012-05-14 22:00
Modified
2024-08-06 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:34:25.869Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "53476", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53476" }, { "name": "49116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49116" }, { "name": "SSRT100930", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "51312", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51312" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22538" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "SSRT101108", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "49208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49208" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "SUSE-SU-2012:0679", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22547" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "50768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50768" }, { "name": "49324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49324" }, { "name": "openssl-tls-record-dos(75525)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525" }, { "name": "HPSBOV02852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SUSE-SU-2012:0678", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120510.txt" }, { "name": "1027057", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027057" }, { "name": "FEDORA-2012-7939", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html" }, { "name": "HPSBUX02814", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "DSA-2475", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2475" }, { "name": "MDVSA-2012:073", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073" }, { "name": "RHSA-2012:0699", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "53476", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53476" }, { "name": "49116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49116" }, { "name": "SSRT100930", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "51312", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51312" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22538" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "SSRT101108", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "49208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49208" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "SUSE-SU-2012:0679", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22547" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "50768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50768" }, { "name": "49324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49324" }, { "name": "openssl-tls-record-dos(75525)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525" }, { "name": "HPSBOV02852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SUSE-SU-2012:0678", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120510.txt" }, { "name": "1027057", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027057" }, { "name": "FEDORA-2012-7939", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html" }, { "name": "HPSBUX02814", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "DSA-2475", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2475" }, { "name": "MDVSA-2012:073", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073" }, { "name": "RHSA-2012:0699", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2333", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "53476", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53476" }, { "name": "49116", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49116" }, { "name": "SSRT100930", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "FEDORA-2012-18035", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "51312", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51312" }, { "name": "RHSA-2012:1308", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "http://cvs.openssl.org/chngview?cn=22538", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22538" }, { "name": "RHSA-2012:1307", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "SSRT101108", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "49208", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49208" }, { "name": "VU#737740", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "SUSE-SU-2012:0679", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=820686", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686" }, { "name": "http://cvs.openssl.org/chngview?cn=22547", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22547" }, { "name": "RHSA-2012:1306", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "50768", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50768" }, { "name": "49324", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49324" }, { "name": "openssl-tls-record-dos(75525)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525" }, { "name": "HPSBOV02852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SUSE-SU-2012:0678", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html" }, { "name": "http://www.openssl.org/news/secadv_20120510.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20120510.txt" }, { "name": "1027057", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027057" }, { "name": "FEDORA-2012-7939", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html" }, { "name": "http://www.cert.fi/en/reports/2012/vulnerability641549.html", "refsource": "MISC", "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html" }, { "name": "HPSBUX02814", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "DSA-2475", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2475" }, { "name": "MDVSA-2012:073", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073" }, { "name": "RHSA-2012:0699", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2333", "datePublished": "2012-05-14T22:00:00", "dateReserved": "2012-04-19T00:00:00", "dateUpdated": "2024-08-06T19:34:25.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0079 (GCVE-0-2004-0079)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2025-01-16 17:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.689Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9899", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9899" }, { "name": "FEDORA-2005-1042", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "name": "ESA-20040317-003", "tags": [ "vendor-advisory", "x_refsource_ENGARDE", "x_transferred" ], "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "SSRT4717", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "name": "RHSA-2004:121", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "MDKSA-2004:023", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "name": "oval:org.mitre.oval:def:2621", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621" }, { "name": "CLA-2004:834", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "17381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17381" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "oval:org.mitre.oval:def:9779", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779" }, { "name": "oval:org.mitre.oval:def:975", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975" }, { "name": "57524", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "SuSE-SA:2004:007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "name": "FreeBSD-SA-04:05", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc" }, { "name": "NetBSD-SA2004-005", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "name": "O-101", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "name": "TA04-078A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "17401", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17401" }, { "name": "RHSA-2005:829", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm" }, { "name": "oval:org.mitre.oval:def:870", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870" }, { "name": "RHSA-2005:830", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html" }, { "name": "GLSA-200403-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17398", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17398" }, { "name": "SSA:2004-077", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "name": "RHSA-2004:139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "openssl-dochangecipherspec-dos(15505)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505" }, { "name": "2004-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "VU#288574", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/288574" }, { "name": "DSA-465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-465" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "18247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18247" }, { "name": "oval:org.mitre.oval:def:5770", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2004-0079", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-08T16:21:54.985893Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-16T17:33:22.869Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9899", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9899" }, { "name": "FEDORA-2005-1042", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "name": "ESA-20040317-003", "tags": [ "vendor-advisory", "x_refsource_ENGARDE" ], "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "SSRT4717", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "name": "RHSA-2004:121", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "MDKSA-2004:023", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "name": "oval:org.mitre.oval:def:2621", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621" }, { "name": "CLA-2004:834", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "17381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17381" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "oval:org.mitre.oval:def:9779", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779" }, { "name": "oval:org.mitre.oval:def:975", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975" }, { "name": "57524", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "SuSE-SA:2004:007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "name": "FreeBSD-SA-04:05", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc" }, { "name": "NetBSD-SA2004-005", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "name": "O-101", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "name": "TA04-078A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "17401", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17401" }, { "name": "RHSA-2005:829", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm" }, { "name": "oval:org.mitre.oval:def:870", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870" }, { "name": "RHSA-2005:830", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html" }, { "name": "GLSA-200403-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17398", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17398" }, { "name": "SSA:2004-077", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "name": "RHSA-2004:139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "openssl-dochangecipherspec-dos(15505)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505" }, { "name": "2004-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "VU#288574", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/288574" }, { "name": "DSA-465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-465" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "18247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18247" }, { "name": "oval:org.mitre.oval:def:5770", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0079", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9899", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9899" }, { "name": "FEDORA-2005-1042", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "name": "ESA-20040317-003", "refsource": "ENGARDE", "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "SSRT4717", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "name": "RHSA-2004:121", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "MDKSA-2004:023", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "name": "oval:org.mitre.oval:def:2621", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621" }, { "name": "CLA-2004:834", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "17381", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17381" }, { "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", "refsource": "MISC", "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "refsource": "FEDORA", "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "oval:org.mitre.oval:def:9779", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779" }, { "name": "oval:org.mitre.oval:def:975", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975" }, { "name": "57524", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "SuSE-SA:2004:007", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html", "refsource": "CONFIRM", "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "name": "http://www.openssl.org/news/secadv_20040317.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "name": "FreeBSD-SA-04:05", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc" }, { "name": "NetBSD-SA2004-005", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "name": "O-101", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "name": "TA04-078A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "17401", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17401" }, { "name": "RHSA-2005:829", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm" }, { "name": "oval:org.mitre.oval:def:870", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870" }, { "name": "RHSA-2005:830", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html" }, { "name": "GLSA-200403-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "name": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US", "refsource": "CONFIRM", "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US" }, { "name": "APPLE-SA-2005-08-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17398", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17398" }, { "name": "SSA:2004-077", "refsource": "SLACKWARE", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "name": "RHSA-2004:139", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "openssl-dochangecipherspec-dos(15505)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505" }, { "name": "2004-0012", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "name": "http://docs.info.apple.com/article.html?artnum=61798", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "VU#288574", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/288574" }, { "name": "DSA-465", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-465" }, { "name": "APPLE-SA-2005-08-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "18247", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18247" }, { "name": "oval:org.mitre.oval:def:5770", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0079", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-01-19T00:00:00", "dateUpdated": "2025-01-16T17:33:22.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0112 (GCVE-0-2004-0112)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9899", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9899" }, { "name": "SSRT4717", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "name": "RHSA-2004:121", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "MDKSA-2004:023", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "name": "CLA-2004:834", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "57524", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "SuSE-SA:2004:007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "name": "NetBSD-SA2004-005", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "name": "O-101", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "name": "TA04-078A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "oval:org.mitre.oval:def:1049", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049" }, { "name": "openssl-kerberos-ciphersuites-dos(15508)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508" }, { "name": "VU#484726", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/484726" }, { "name": "GLSA-200403-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "oval:org.mitre.oval:def:9580", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580" }, { "name": "11139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "SSA:2004-077", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "name": "2004-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "oval:org.mitre.oval:def:928", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9899", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9899" }, { "name": "SSRT4717", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "name": "RHSA-2004:121", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "MDKSA-2004:023", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "name": "CLA-2004:834", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "57524", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "SuSE-SA:2004:007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "name": "NetBSD-SA2004-005", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "name": "O-101", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "name": "TA04-078A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "oval:org.mitre.oval:def:1049", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049" }, { "name": "openssl-kerberos-ciphersuites-dos(15508)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508" }, { "name": "VU#484726", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/484726" }, { "name": "GLSA-200403-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "oval:org.mitre.oval:def:9580", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580" }, { "name": "11139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "SSA:2004-077", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "name": "2004-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "oval:org.mitre.oval:def:928", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0112", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9899", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9899" }, { "name": "SSRT4717", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "name": "RHSA-2004:121", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "MDKSA-2004:023", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "name": "CLA-2004:834", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", "refsource": "MISC", "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "57524", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "SuSE-SA:2004:007", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html", "refsource": "CONFIRM", "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "name": "http://www.openssl.org/news/secadv_20040317.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "name": "NetBSD-SA2004-005", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "name": "O-101", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "name": "TA04-078A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "oval:org.mitre.oval:def:1049", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049" }, { "name": "openssl-kerberos-ciphersuites-dos(15508)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508" }, { "name": "VU#484726", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/484726" }, { "name": "GLSA-200403-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "oval:org.mitre.oval:def:9580", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580" }, { "name": "11139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "name": "APPLE-SA-2005-08-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "SSA:2004-077", "refsource": "SLACKWARE", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "name": "2004-0012", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "name": "http://docs.info.apple.com/article.html?artnum=61798", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "APPLE-SA-2005-08-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "oval:org.mitre.oval:def:928", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0112", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-02-02T00:00:00", "dateUpdated": "2024-08-08T00:10:03.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0081 (GCVE-0-2004-0081)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9899", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9899" }, { "name": "ESA-20040317-003", "tags": [ "vendor-advisory", "x_refsource_ENGARDE", "x_transferred" ], "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2" }, { "name": "RHSA-2004:121", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "CLA-2004:834", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "20040304-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "name": "openssl-tls-dos(15509)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "57524", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "oval:org.mitre.oval:def:871", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871" }, { "name": "oval:org.mitre.oval:def:11755", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755" }, { "name": "VU#465542", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/465542" }, { "name": "TA04-078A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "GLSA-200403-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "RHSA-2004:119", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "name": "oval:org.mitre.oval:def:902", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902" }, { "name": "RHSA-2004:139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "2004-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "name": "DSA-465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-465" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9899", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9899" }, { "name": "ESA-20040317-003", "tags": [ "vendor-advisory", "x_refsource_ENGARDE" ], "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2" }, { "name": "RHSA-2004:121", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "CLA-2004:834", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "20040304-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "name": "openssl-tls-dos(15509)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "57524", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "oval:org.mitre.oval:def:871", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871" }, { "name": "oval:org.mitre.oval:def:11755", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755" }, { "name": "VU#465542", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/465542" }, { "name": "TA04-078A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "GLSA-200403-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "RHSA-2004:119", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "name": "oval:org.mitre.oval:def:902", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902" }, { "name": "RHSA-2004:139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "2004-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "name": "DSA-465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-465" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0081", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9899", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9899" }, { "name": "ESA-20040317-003", "refsource": "ENGARDE", "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2" }, { "name": "RHSA-2004:121", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "CLA-2004:834", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "20040304-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "name": "openssl-tls-dos(15509)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509" }, { "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", "refsource": "MISC", "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "refsource": "FEDORA", "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "57524", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "oval:org.mitre.oval:def:871", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871" }, { "name": "oval:org.mitre.oval:def:11755", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755" }, { "name": "VU#465542", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/465542" }, { "name": "TA04-078A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "GLSA-200403-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "RHSA-2004:119", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "name": "oval:org.mitre.oval:def:902", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902" }, { "name": "RHSA-2004:139", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "2004-0012", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "name": "DSA-465", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-465" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0081", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-01-19T00:00:00", "dateUpdated": "2024-08-08T00:01:23.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4355 (GCVE-0-2009-4355)
Vulnerability from cvelistv5
Published
2010-01-14 19:00
Modified
2024-08-07 07:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:19.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-1970", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-1970" }, { "name": "ADV-2010-0916", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=19167" }, { "name": "42724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42724" }, { "name": "39461", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39461" }, { "name": "oval:org.mitre.oval:def:11260", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707" }, { "name": "FEDORA-2010-5357", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "name": "SSA:2010-060-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049" }, { "name": "38761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38761" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004" }, { "name": "38181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38181" }, { "name": "38200", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38200" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-3157" }, { "name": "ADV-2010-0839", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0839" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=19069" }, { "name": "HPSBUX02517", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=19068" }, { "name": "MDVSA-2010:022", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "USN-884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-884-1" }, { "name": "SSRT100058", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "name": "SUSE-SA:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "name": "[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "name": "oval:org.mitre.oval:def:6678", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678" }, { "name": "42733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42733" }, { "name": "ADV-2010-0124", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0124" }, { "name": "FEDORA-2010-5744", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html" }, { "name": "38175", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38175" }, { "name": "oval:org.mitre.oval:def:12168", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-1970", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-1970" }, { "name": "ADV-2010-0916", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=19167" }, { "name": "42724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42724" }, { "name": "39461", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39461" }, { "name": "oval:org.mitre.oval:def:11260", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707" }, { "name": "FEDORA-2010-5357", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "name": "SSA:2010-060-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049" }, { "name": "38761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38761" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004" }, { "name": "38181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38181" }, { "name": "38200", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38200" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-3157" }, { "name": "ADV-2010-0839", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0839" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=19069" }, { "name": "HPSBUX02517", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=19068" }, { "name": "MDVSA-2010:022", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "USN-884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-884-1" }, { "name": "SSRT100058", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "name": "SUSE-SA:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "name": "[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "name": "oval:org.mitre.oval:def:6678", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678" }, { "name": "42733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42733" }, { "name": "ADV-2010-0124", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0124" }, { "name": "FEDORA-2010-5744", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html" }, { "name": "38175", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38175" }, { "name": "oval:org.mitre.oval:def:12168", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-1970", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-1970" }, { "name": "ADV-2010-0916", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "name": "http://cvs.openssl.org/chngview?cn=19167", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=19167" }, { "name": "42724", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42724" }, { "name": "39461", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39461" }, { "name": "oval:org.mitre.oval:def:11260", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=546707", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546707" }, { "name": "FEDORA-2010-5357", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "name": "SSA:2010-060-02", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049" }, { "name": "38761", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38761" }, { "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004" }, { "name": "38181", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38181" }, { "name": "38200", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38200" }, { "name": "https://issues.rpath.com/browse/RPL-3157", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-3157" }, { "name": "ADV-2010-0839", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0839" }, { "name": "http://cvs.openssl.org/chngview?cn=19069", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=19069" }, { "name": "HPSBUX02517", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "name": "http://cvs.openssl.org/chngview?cn=19068", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=19068" }, { "name": "MDVSA-2010:022", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:022" }, { "name": "RHSA-2010:0095", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "USN-884-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-884-1" }, { "name": "SSRT100058", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "name": "SUSE-SA:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "name": "[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/01/13/3" }, { "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50", "refsource": "CONFIRM", "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "name": "oval:org.mitre.oval:def:6678", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678" }, { "name": "42733", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42733" }, { "name": "ADV-2010-0124", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0124" }, { "name": "FEDORA-2010-5744", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html" }, { "name": "38175", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38175" }, { "name": "oval:org.mitre.oval:def:12168", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4355", "datePublished": "2010-01-14T19:00:00", "dateReserved": "2009-12-18T00:00:00", "dateUpdated": "2024-08-07T07:01:19.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2110 (GCVE-0-2012-2110)
Vulnerability from cvelistv5
Published
2012-04-19 17:00
Modified
2024-08-06 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:07.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2012:0623", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSRT101210", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "48899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48899" }, { "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "name": "MDVSA-2012:060", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "18756", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18756" }, { "name": "RHSA-2012:0518", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "name": "DSA-2454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2454" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "USN-1424-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "name": "48895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48895" }, { "name": "48847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48847" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "SUSE-SU-2012:0637", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "RHSA-2012:0522", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "name": "FEDORA-2012-6343", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "53158", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53158" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "FEDORA-2012-6395", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "48942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48942" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "name": "1026957", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026957" }, { "name": "48999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48999" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "81223", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/81223" }, { "name": "HPSBMU02900", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-6403", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/KB27376" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SU-2012:0623", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSRT101210", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "48899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48899" }, { "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "name": "MDVSA-2012:060", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "18756", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18756" }, { "name": "RHSA-2012:0518", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "name": "DSA-2454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2454" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "USN-1424-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "name": "48895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48895" }, { "name": "48847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48847" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "SUSE-SU-2012:0637", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "RHSA-2012:0522", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "name": "FEDORA-2012-6343", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "53158", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53158" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "FEDORA-2012-6395", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "48942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48942" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "name": "1026957", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026957" }, { "name": "48999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48999" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "81223", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/81223" }, { "name": "HPSBMU02900", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-6403", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/KB27376" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2110", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2012:0623", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSRT101210", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-18035", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "48899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48899" }, { "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "name": "RHSA-2012:1308", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "http://cvs.openssl.org/chngview?cn=22434", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "name": "MDVSA-2012:060", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "name": "RHSA-2012:1307", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "18756", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18756" }, { "name": "RHSA-2012:0518", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "name": "DSA-2454", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2454" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "USN-1424-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "name": "48895", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48895" }, { "name": "48847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48847" }, { "name": "http://cvs.openssl.org/chngview?cn=22439", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "name": "RHSA-2012:1306", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "SUSE-SU-2012:0637", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "RHSA-2012:0522", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "name": "FEDORA-2012-6343", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "name": "HPSBOV02793", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57353" }, { "name": "53158", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53158" }, { "name": "HPSBUX02782", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "FEDORA-2012-6395", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "name": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578", "refsource": "CONFIRM", "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "name": "SSRT100852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "48942", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48942" }, { "name": "http://www.openssl.org/news/secadv_20120419.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "name": "http://cvs.openssl.org/chngview?cn=22431", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "name": "1026957", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026957" }, { "name": "48999", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48999" }, { "name": "HPSBMU02776", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "81223", "refsource": "OSVDB", "url": "http://osvdb.org/81223" }, { "name": "HPSBMU02900", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-6403", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "name": "https://kb.juniper.net/KB27376", "refsource": "CONFIRM", "url": "https://kb.juniper.net/KB27376" }, { "name": "SSRT100844", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2110", "datePublished": "2012-04-19T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:07.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0166 (GCVE-0-2013-0166)
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.381Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200" }, { "name": "RHSA-2013:0587", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "oval:org.mitre.oval:def:19360", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "name": "55139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55139" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "name": "HPSBUX02856", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SSRT101289", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "SSRT101108", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "RHSA-2013:0833", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "name": "53623", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53623" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02909", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "DSA-2621", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2621" }, { "name": "RHSA-2013:0783", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "name": "APPLE-SA-2013-09-12-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "name": "55108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55108" }, { "name": "RHSA-2013:0782", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "name": "HPSBOV02852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SSRT101104", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SUSE-SU-2015:0578", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.splunk.com/view/SP-CAAAHXG" }, { "name": "oval:org.mitre.oval:def:19487", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "name": "oval:org.mitre.oval:def:18754", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5880" }, { "name": "oval:org.mitre.oval:def:19081", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-08T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200" }, { "name": "RHSA-2013:0587", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "oval:org.mitre.oval:def:19360", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "name": "55139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55139" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "name": "HPSBUX02856", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SSRT101289", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "SSRT101108", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "RHSA-2013:0833", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "name": "53623", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53623" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02909", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "DSA-2621", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2621" }, { "name": "RHSA-2013:0783", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "name": "APPLE-SA-2013-09-12-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "name": "55108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55108" }, { "name": "RHSA-2013:0782", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "name": "HPSBOV02852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SSRT101104", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SUSE-SU-2015:0578", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.splunk.com/view/SP-CAAAHXG" }, { "name": "oval:org.mitre.oval:def:19487", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "name": "oval:org.mitre.oval:def:18754", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5880" }, { "name": "oval:org.mitre.oval:def:19081", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200", "refsource": "CONFIRM", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200" }, { "name": "RHSA-2013:0587", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "oval:org.mitre.oval:def:19360", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "name": "55139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55139" }, { "name": "http://www.openssl.org/news/secadv_20130204.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=908052", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "name": "HPSBUX02856", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SSRT101289", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "SSRT101108", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "RHSA-2013:0833", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" }, { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7", "refsource": "CONFIRM", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "name": "53623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53623" }, { "name": "VU#737740", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02909", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "DSA-2621", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2621" }, { "name": "RHSA-2013:0783", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "name": "APPLE-SA-2013-09-12-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "name": "55108", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55108" }, { "name": "RHSA-2013:0782", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "name": "HPSBOV02852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SSRT101104", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SUSE-SU-2015:0578", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "http://www.splunk.com/view/SP-CAAAHXG", "refsource": "CONFIRM", "url": "http://www.splunk.com/view/SP-CAAAHXG" }, { "name": "oval:org.mitre.oval:def:19487", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "name": "oval:org.mitre.oval:def:18754", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "name": "http://support.apple.com/kb/HT5880", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5880" }, { "name": "oval:org.mitre.oval:def:19081", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0", "refsource": "CONFIRM", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0166", "datePublished": "2013-02-08T19:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }