Vulnerabilities > Openssl > Openssl > 0.9.8h
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-27 | CVE-2009-0591 | Improper Authentication vulnerability in Openssl 0.9.8H/0.9.8I/0.9.8J The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | 2.6 |
2009-03-27 | CVE-2009-0590 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | 5.0 |
2009-01-07 | CVE-2008-5077 | Improper Input Validation vulnerability in Openssl OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. | 5.8 |