OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:13
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2013-02-08 19:55
Updated : 2024-02-28 12:00
NVD link : CVE-2013-0166
Mitre link : CVE-2013-0166
CVE.ORG link : CVE-2013-0166
JSON object : View
Products Affected
openssl
- openssl
redhat
- openssl
CWE
CWE-310
Cryptographic Issues