CVE-2013-0166

CWE-3109 documents9 sources

Severity

5.0MEDIUM

EPSS

11.0%

top 6.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Openssl Redhat Openssl

Timeline

PublishedFeb 8

Latest updateMay 5

Description

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianopenssl< 1.0.1e-1+3

▶NVDredhat/openssl0.9.6-15, 0.9.6b-3, 0.9.7a-2+2

▶NVDopenssl/openssl75 versions+74

🔴Vulnerability Details

GHSA

GHSA-f8qw-pqjg-gpv2: OpenSSL before 0↗2022-05-05

▶

OSV

CVE-2013-0166: OpenSSL before 0↗2013-02-08

▶

CVEList

CVE-2013-0166: OpenSSL before 0↗2013-02-08

▶

📋Vendor Advisories

BSD

FreeBSD-SA-13:03.openssl: OpenSSL multiple vulnerabilities↗2013-04-02

▶

Ubuntu

OpenSSL vulnerabilities↗2013-02-21

▶

Red Hat

openssl: DoS due to improper handling of OCSP response verification↗2013-02-05

▶

Debian

CVE-2013-0166: openssl - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not pro...↗2013

▶

💬Community

Bugzilla

CVE-2013-0166 openssl: DoS due to improper handling of OCSP response verification↗2013-02-05

▶