5

CVE-2013-0166

EPSS 5.33%
Published 08.02.2013 19:55:00
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

Affected products Warnungen 0 Metrics 2 CWE 0 References 30

Data is provided by the National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version0.9.1c

OpenSSL ≫ OpenSSL Version0.9.2b

OpenSSL ≫ OpenSSL Version0.9.3

OpenSSL ≫ OpenSSL Version0.9.3a

OpenSSL ≫ OpenSSL Version0.9.4

OpenSSL ≫ OpenSSL Version0.9.5

OpenSSL ≫ OpenSSL Version0.9.5 Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.5 Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.5a

OpenSSL ≫ OpenSSL Version0.9.5a Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.5a Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.6

OpenSSL ≫ OpenSSL Version0.9.6 Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.6 Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.6 Updatebeta3

OpenSSL ≫ OpenSSL Version0.9.6a

OpenSSL ≫ OpenSSL Version0.9.6a Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.6a Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.6a Updatebeta3

OpenSSL ≫ OpenSSL Version0.9.6b

OpenSSL ≫ OpenSSL Version0.9.6c

OpenSSL ≫ OpenSSL Version0.9.6d

OpenSSL ≫ OpenSSL Version0.9.6e

OpenSSL ≫ OpenSSL Version0.9.6f

OpenSSL ≫ OpenSSL Version0.9.6g

OpenSSL ≫ OpenSSL Version0.9.6h

OpenSSL ≫ OpenSSL Version0.9.6i

OpenSSL ≫ OpenSSL Version0.9.6j

OpenSSL ≫ OpenSSL Version0.9.6k

OpenSSL ≫ OpenSSL Version0.9.6l

OpenSSL ≫ OpenSSL Version0.9.6m

OpenSSL ≫ OpenSSL Version0.9.7

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta2

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta3

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta4

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta5

OpenSSL ≫ OpenSSL Version0.9.7 Updatebeta6

OpenSSL ≫ OpenSSL Version0.9.7a

OpenSSL ≫ OpenSSL Version0.9.7b

OpenSSL ≫ OpenSSL Version0.9.7c

OpenSSL ≫ OpenSSL Version0.9.7d

OpenSSL ≫ OpenSSL Version0.9.7e

OpenSSL ≫ OpenSSL Version0.9.7f

OpenSSL ≫ OpenSSL Version0.9.7g

OpenSSL ≫ OpenSSL Version0.9.7h

OpenSSL ≫ OpenSSL Version0.9.7i

OpenSSL ≫ OpenSSL Version0.9.7j

OpenSSL ≫ OpenSSL Version0.9.7k

OpenSSL ≫ OpenSSL Version0.9.7l

OpenSSL ≫ OpenSSL Version0.9.7m

OpenSSL ≫ OpenSSL Version0.9.8

OpenSSL ≫ OpenSSL Version0.9.8a

OpenSSL ≫ OpenSSL Version0.9.8b

OpenSSL ≫ OpenSSL Version0.9.8c

OpenSSL ≫ OpenSSL Version0.9.8d

OpenSSL ≫ OpenSSL Version0.9.8e

OpenSSL ≫ OpenSSL Version0.9.8f

OpenSSL ≫ OpenSSL Version0.9.8g

OpenSSL ≫ OpenSSL Version0.9.8h

OpenSSL ≫ OpenSSL Version0.9.8i

OpenSSL ≫ OpenSSL Version0.9.8j

OpenSSL ≫ OpenSSL Version0.9.8k

OpenSSL ≫ OpenSSL Version0.9.8l

OpenSSL ≫ OpenSSL Version0.9.8m

OpenSSL ≫ OpenSSL Version0.9.8m Updatebeta1

OpenSSL ≫ OpenSSL Version0.9.8n

OpenSSL ≫ OpenSSL Version0.9.8o

OpenSSL ≫ OpenSSL Version0.9.8p

OpenSSL ≫ OpenSSL Version0.9.8q

OpenSSL ≫ OpenSSL Version0.9.8r

OpenSSL ≫ OpenSSL Version0.9.8s

OpenSSL ≫ OpenSSL Version0.9.8t

OpenSSL ≫ OpenSSL Version0.9.8u

OpenSSL ≫ OpenSSL Version0.9.8v

OpenSSL ≫ OpenSSL Version0.9.8w

OpenSSL ≫ OpenSSL Version0.9.8x

OpenSSL ≫ OpenSSL Version1.0.0

OpenSSL ≫ OpenSSL Version1.0.0a

OpenSSL ≫ OpenSSL Version1.0.0b

OpenSSL ≫ OpenSSL Version1.0.0c

OpenSSL ≫ OpenSSL Version1.0.0d

OpenSSL ≫ OpenSSL Version1.0.0e

OpenSSL ≫ OpenSSL Version1.0.0f

OpenSSL ≫ OpenSSL Version1.0.0g

OpenSSL ≫ OpenSSL Version1.0.0h

OpenSSL ≫ OpenSSL Version1.0.0i

OpenSSL ≫ OpenSSL Version1.0.0j

OpenSSL ≫ OpenSSL Version1.0.1

OpenSSL ≫ OpenSSL Version1.0.1a

OpenSSL ≫ OpenSSL Version1.0.1b

OpenSSL ≫ OpenSSL Version1.0.1c

Redhat ≫ OpenSSL Version0.9.6-15

Redhat ≫ OpenSSL Version0.9.6b-3

Redhat ≫ OpenSSL Version0.9.7a-2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.33%	0.896

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://www.kb.cert.org/vuls/id/737740

US Government Resource

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

http://support.apple.com/kb/HT5880

http://marc.info/?l=bugtraq&m=136432043316835&w=2

http://rhn.redhat.com/errata/RHSA-2013-0587.html

http://rhn.redhat.com/errata/RHSA-2013-0833.html

http://marc.info/?l=bugtraq&m=137545771702053&w=2

http://secunia.com/advisories/55108

http://secunia.com/advisories/55139

http://www.openssl.org/news/secadv_20130204.txt

Vendor Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://marc.info/?l=bugtraq&m=136396549913849&w=2

http://rhn.redhat.com/errata/RHSA-2013-0782.html

http://rhn.redhat.com/errata/RHSA-2013-0783.html

http://secunia.com/advisories/53623

http://www.debian.org/security/2013/dsa-2621

http://www.splunk.com/view/SP-CAAAHXG

https://bugzilla.redhat.com/show_bug.cgi?id=908052

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487

https://nvd.nist.gov/vuln/detail/CVE-2013-0166

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0166

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0166

EUVD