FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-0166

This CVE name corresponds to:

Entered Topic
2013-04-02 FreeBSD -- OpenSSL multiple vulnerabilities
2013-02-06 OpenSSL -- TLS 1.1, 1.2 denial of service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-0166
Phase Assigned (20121206)

Description

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

References

Source Reference
CONFIRM http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
CONFIRM http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
CONFIRM http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
CONFIRM http://www.openssl.org/news/secadv_20130204.txt
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=908052
CONFIRM http://support.apple.com/kb/HT5880
CONFIRM http://www.splunk.com/view/SP-CAAAHXG
APPLE APPLE-SA-2013-09-12-1
DEBIAN DSA-2621
HP HPSBUX02856
HP SSRT101104
HP HPSBUX02909
HP SSRT101289
REDHAT RHSA-2013:0587
REDHAT RHSA-2013:0782
REDHAT RHSA-2013:0783
REDHAT RHSA-2013:0833
SUSE SUSE-SU-2015:0578
CERT-VN VU#737740
OVAL oval:org.mitre.oval:def:19081
OVAL oval:org.mitre.oval:def:18754
OVAL oval:org.mitre.oval:def:19360
OVAL oval:org.mitre.oval:def:19487
SECUNIA 55108
SECUNIA 55139
SECUNIA 53623