U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 88 matching records.
Displaying matches 81 through 88.
Vuln ID Summary CVSS Severity
CVE-2009-1377

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."

Published: May 19, 2009; 3:30:00 PM -0400 		V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2009-0789

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

Published: March 27, 2009; 12:30:02 PM -0400 		V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2009-0590

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

Published: March 27, 2009; 12:30:00 PM -0400 		V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2008-5077

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

Published: January 07, 2009; 12:30:00 PM -0500 		V3.x:(not available)
 V2.0: 5.8 MEDIUM
CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Published: May 13, 2008; 1:20:00 PM -0400 		V3.1: 7.5 HIGH
 V2.0: 7.8 HIGH
CVE-2007-4995

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

Published: October 12, 2007; 9:17:00 PM -0400 		V3.x:(not available)
 V2.0: 9.3 HIGH
CVE-2007-5135

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Published: September 27, 2007; 4:17:00 PM -0400 		V3.x:(not available)
 V2.0: 6.8 MEDIUM
CVE-2007-3108

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

Published: August 07, 2007; 9:17:00 PM -0400 		V3.x:(not available)
 V2.0: 1.2 LOW