CVE-2013-0166

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
opensslopenssl
0.9.1c
opensslopenssl
0.9.2b
opensslopenssl
0.9.3
opensslopenssl
0.9.3a
opensslopenssl
0.9.4
opensslopenssl
0.9.5
opensslopenssl
0.9.5
opensslopenssl
0.9.5
opensslopenssl
0.9.5a
opensslopenssl
0.9.5a
opensslopenssl
0.9.5a
opensslopenssl
0.9.6
opensslopenssl
0.9.6
opensslopenssl
0.9.6
opensslopenssl
0.9.6
opensslopenssl
0.9.6a
opensslopenssl
0.9.6a
opensslopenssl
0.9.6a
opensslopenssl
0.9.6a
opensslopenssl
0.9.6b
opensslopenssl
0.9.6c
opensslopenssl
0.9.6d
opensslopenssl
0.9.6e
opensslopenssl
0.9.6f
opensslopenssl
0.9.6g
opensslopenssl
0.9.6h
opensslopenssl
0.9.6i
opensslopenssl
0.9.6j
opensslopenssl
0.9.6k
opensslopenssl
0.9.6l
opensslopenssl
0.9.6m
opensslopenssl
0.9.7
opensslopenssl
0.9.7
opensslopenssl
0.9.7
opensslopenssl
0.9.7
opensslopenssl
0.9.7
opensslopenssl
0.9.7
opensslopenssl
0.9.7
opensslopenssl
0.9.7a
opensslopenssl
0.9.7b
opensslopenssl
0.9.7c
opensslopenssl
0.9.7d
opensslopenssl
0.9.7e
opensslopenssl
0.9.7f
opensslopenssl
0.9.7g
opensslopenssl
0.9.7h
opensslopenssl
0.9.7i
opensslopenssl
0.9.7j
opensslopenssl
0.9.7k
opensslopenssl
0.9.7l
opensslopenssl
0.9.7m
opensslopenssl
0.9.8
opensslopenssl
0.9.8a
opensslopenssl
0.9.8b
opensslopenssl
0.9.8c
opensslopenssl
0.9.8d
opensslopenssl
0.9.8e
opensslopenssl
0.9.8f
opensslopenssl
0.9.8g
opensslopenssl
0.9.8h
opensslopenssl
0.9.8i
opensslopenssl
0.9.8j
opensslopenssl
0.9.8k
opensslopenssl
0.9.8l
opensslopenssl
0.9.8m
opensslopenssl
0.9.8m
opensslopenssl
0.9.8n
opensslopenssl
0.9.8o
opensslopenssl
0.9.8p
opensslopenssl
0.9.8q
opensslopenssl
0.9.8r
opensslopenssl
0.9.8s
opensslopenssl
0.9.8t
opensslopenssl
0.9.8u
opensslopenssl
0.9.8v
opensslopenssl
0.9.8w
opensslopenssl
0.9.8x
opensslopenssl
1.0.0
opensslopenssl
1.0.0a
opensslopenssl
1.0.0b
opensslopenssl
1.0.0c
opensslopenssl
1.0.0d
opensslopenssl
1.0.0e
opensslopenssl
1.0.0f
opensslopenssl
1.0.0g
opensslopenssl
1.0.0h
opensslopenssl
1.0.0i
opensslopenssl
1.0.0j
opensslopenssl
1.0.1
opensslopenssl
1.0.1a
opensslopenssl
1.0.1b
opensslopenssl
1.0.1c
redhatopenssl
0.9.6-15
redhatopenssl
0.9.6b-3
redhatopenssl
0.9.7a-2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssl
bullseye
1.1.1w-0+deb11u1
fixed
bullseye (security)
1.1.1w-0+deb11u2
fixed
bookworm
3.0.14-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssl
trusty
Fixed 1.0.1c-4ubuntu4
released
saucy
Fixed 1.0.1c-4ubuntu4
released
raring
Fixed 1.0.1c-4ubuntu4
released
quantal
Fixed 1.0.1c-3ubuntu2.1
released
precise
Fixed 1.0.1-4ubuntu5.6
released
oneiric
Fixed 1.0.0e-2ubuntu4.7
released
lucid
Fixed 0.9.8k-7ubuntu8.14
released
hardy
Fixed 0.9.8g-4ubuntu3.20
released
openssl098
trusty
Fixed 0.9.8o-7ubuntu3.2.14.04.1
released
saucy
Fixed 0.9.8o-7ubuntu3.2.13.10.1
released
raring
ignored
quantal
ignored
precise
Fixed 0.9.8o-7ubuntu3.2
released
oneiric
ignored
lucid
dne
hardy
dne
Common Weakness Enumeration
References