Launchpad CVE tracker

CVE 2013-0166

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

Related bugs and status

CVE-2013-0166 (Candidate) is related to these bugs:

Bug #1331452: Please backport current CVEs for Precise LTS openssl098

		In	Importance	Status
1331452	Please backport current CVEs for Precise LTS openssl098	openssl098 (Ubuntu)	High	Fix Released
1331452	Please backport current CVEs for Precise LTS openssl098	openssl098 (Ubuntu Precise)	High	Fix Released
1331452	Please backport current CVEs for Precise LTS openssl098	openssl098 (Ubuntu Trusty)	Undecided	Fix Released
1331452	Please backport current CVEs for Precise LTS openssl098	openssl098 (Ubuntu Saucy)	Undecided	Fix Released
1331452	Please backport current CVEs for Precise LTS openssl098	openssl098 (Ubuntu Utopic)	High	Fix Released

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-0166

References