Vulnerabilities > Openssl > Openssl > 0.9.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-28 | CVE-2006-2940 | Resource Management Errors vulnerability in Openssl OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. | 7.8 |
2006-09-05 | CVE-2006-4339 | Cryptographic Issues vulnerability in Openssl OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. | 4.3 |
2005-09-16 | CVE-2005-2946 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. | 7.5 |
2005-05-26 | CVE-2005-1797 | Unspecified vulnerability in Openssl The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. | 5.1 |
2005-02-09 | CVE-2004-0975 | The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | 2.1 |
2003-12-01 | CVE-2003-0851 | Remote Denial Of Service vulnerability in OpenSSL ASN.1 Large Recursion OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. | 5.0 |
2003-11-17 | CVE-2003-0545 | Double Free vulnerability in Openssl 0.9.6/0.9.7 Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. | 9.8 |
2003-11-17 | CVE-2003-0544 | Unspecified vulnerability in Openssl 0.9.6/0.9.7 OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. | 5.0 |
2003-11-17 | CVE-2003-0543 | Unspecified vulnerability in Openssl 0.9.6/0.9.7 Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. | 5.0 |
2003-03-31 | CVE-2003-0147 | OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | 5.0 |