5

CVE-2013-0166

EPSS 5.33%
Veröffentlicht 08.02.2013 19:55:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 30

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version0.9.1c

OpenSSL ≫ OpenSSL Version0.9.2b

OpenSSL ≫ OpenSSL Version0.9.3

OpenSSL ≫ OpenSSL Version0.9.3a

OpenSSL ≫ OpenSSL Version0.9.4

OpenSSL ≫ OpenSSL Version0.9.5

OpenSSL ≫ OpenSSL Version0.9.5 Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.5 Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.5a

OpenSSL ≫ OpenSSL Version0.9.5a Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.5a Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.6

OpenSSL ≫ OpenSSL Version0.9.6 Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.6 Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.6 Updatebeta3

OpenSSL ≫ OpenSSL Version0.9.6a

OpenSSL ≫ OpenSSL Version0.9.6a Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.6a Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.6a Updatebeta3

OpenSSL ≫ OpenSSL Version0.9.6b

OpenSSL ≫ OpenSSL Version0.9.6c

OpenSSL ≫ OpenSSL Version0.9.6d

OpenSSL ≫ OpenSSL Version0.9.6e

OpenSSL ≫ OpenSSL Version0.9.6f

OpenSSL ≫ OpenSSL Version0.9.6g

OpenSSL ≫ OpenSSL Version0.9.6h

OpenSSL ≫ OpenSSL Version0.9.6i

OpenSSL ≫ OpenSSL Version0.9.6j

OpenSSL ≫ OpenSSL Version0.9.6k

OpenSSL ≫ OpenSSL Version0.9.6l

OpenSSL ≫ OpenSSL Version0.9.6m

OpenSSL ≫ OpenSSL Version0.9.7

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta3

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta4

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta5

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta6

OpenSSL ≫ OpenSSL Version0.9.7a

OpenSSL ≫ OpenSSL Version0.9.7b

OpenSSL ≫ OpenSSL Version0.9.7c

OpenSSL ≫ OpenSSL Version0.9.7d

OpenSSL ≫ OpenSSL Version0.9.7e

OpenSSL ≫ OpenSSL Version0.9.7f

OpenSSL ≫ OpenSSL Version0.9.7g

OpenSSL ≫ OpenSSL Version0.9.7h

OpenSSL ≫ OpenSSL Version0.9.7i

OpenSSL ≫ OpenSSL Version0.9.7j

OpenSSL ≫ OpenSSL Version0.9.7k

OpenSSL ≫ OpenSSL Version0.9.7l

OpenSSL ≫ OpenSSL Version0.9.7m

OpenSSL ≫ OpenSSL Version0.9.8

OpenSSL ≫ OpenSSL Version0.9.8a

OpenSSL ≫ OpenSSL Version0.9.8b

OpenSSL ≫ OpenSSL Version0.9.8c

OpenSSL ≫ OpenSSL Version0.9.8d

OpenSSL ≫ OpenSSL Version0.9.8e

OpenSSL ≫ OpenSSL Version0.9.8f

OpenSSL ≫ OpenSSL Version0.9.8g

OpenSSL ≫ OpenSSL Version0.9.8h

OpenSSL ≫ OpenSSL Version0.9.8i

OpenSSL ≫ OpenSSL Version0.9.8j

OpenSSL ≫ OpenSSL Version0.9.8k

OpenSSL ≫ OpenSSL Version0.9.8l

OpenSSL ≫ OpenSSL Version0.9.8m

OpenSSL ≫ OpenSSL Version0.9.8m Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.8n

OpenSSL ≫ OpenSSL Version0.9.8o

OpenSSL ≫ OpenSSL Version0.9.8p

OpenSSL ≫ OpenSSL Version0.9.8q

OpenSSL ≫ OpenSSL Version0.9.8r

OpenSSL ≫ OpenSSL Version0.9.8s

OpenSSL ≫ OpenSSL Version0.9.8t

OpenSSL ≫ OpenSSL Version0.9.8u

OpenSSL ≫ OpenSSL Version0.9.8v

OpenSSL ≫ OpenSSL Version0.9.8w

OpenSSL ≫ OpenSSL Version0.9.8x

OpenSSL ≫ OpenSSL Version1.0.0

OpenSSL ≫ OpenSSL Version1.0.0a

OpenSSL ≫ OpenSSL Version1.0.0b

OpenSSL ≫ OpenSSL Version1.0.0c

OpenSSL ≫ OpenSSL Version1.0.0d

OpenSSL ≫ OpenSSL Version1.0.0e

OpenSSL ≫ OpenSSL Version1.0.0f

OpenSSL ≫ OpenSSL Version1.0.0g

OpenSSL ≫ OpenSSL Version1.0.0h

OpenSSL ≫ OpenSSL Version1.0.0i

OpenSSL ≫ OpenSSL Version1.0.0j

OpenSSL ≫ OpenSSL Version1.0.1

OpenSSL ≫ OpenSSL Version1.0.1a

OpenSSL ≫ OpenSSL Version1.0.1b

OpenSSL ≫ OpenSSL Version1.0.1c

Redhat ≫ OpenSSL Version0.9.6-15

Redhat ≫ OpenSSL Version0.9.6b-3

Redhat ≫ OpenSSL Version0.9.7a-2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.33%	0.896

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://www.kb.cert.org/vuls/id/737740

US Government Resource

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

http://support.apple.com/kb/HT5880

http://marc.info/?l=bugtraq&m=136432043316835&w=2

http://rhn.redhat.com/errata/RHSA-2013-0587.html

http://rhn.redhat.com/errata/RHSA-2013-0833.html

http://marc.info/?l=bugtraq&m=137545771702053&w=2

http://secunia.com/advisories/55108

http://secunia.com/advisories/55139

http://www.openssl.org/news/secadv_20130204.txt

Vendor Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://marc.info/?l=bugtraq&m=136396549913849&w=2

http://rhn.redhat.com/errata/RHSA-2013-0782.html

http://rhn.redhat.com/errata/RHSA-2013-0783.html

http://secunia.com/advisories/53623

http://www.debian.org/security/2013/dsa-2621

http://www.splunk.com/view/SP-CAAAHXG

https://bugzilla.redhat.com/show_bug.cgi?id=908052

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487

https://nvd.nist.gov/vuln/detail/CVE-2013-0166

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0166

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0166

EUVD