Vulnerabilities

CVE-2013-0166

by Fred · 08/02/2013

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

Date published : 2013-02-08

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

http://www.kb.cert.org/vuls/id/737740

Similar

Tags: Cybersecurity Alert