Vulnerability DatabaseCVE-2013-0166
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2013-0166
Published:February 08, 2013
Updated:May 17, 2026
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Related Resources (30)
https://bugzilla.redhat.com/show_bug.cgi?id=908052
http://marc.info/?l=bugtraq&m=136396549913849&w=2
http://secunia.com/advisories/55108
http://www.openssl.org/news/secadv_20130204.txt
http://rhn.redhat.com/errata/RHSA-2013-0783.html
http://secunia.com/advisories/53623
http://www.kb.cert.org/vuls/id/737740
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200
http://marc.info/?l=bugtraq&m=137545771702053&w=2
https://security-tracker.debian.org/tracker/CVE-2013-0166
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
http://www.splunk.com/view/SP-CAAAHXG
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://marc.info/?l=bugtraq&m=136432043316835&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0166
http://rhn.redhat.com/errata/RHSA-2013-0587.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
https://access.redhat.com/security/cve/CVE-2013-0166
http://rhn.redhat.com/errata/RHSA-2013-0782.html
http://secunia.com/advisories/55139
http://support.apple.com/kb/HT5880
http://www.debian.org/security/2013/dsa-2621
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
CVSS v2
Base Score:
5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
EPSS
Base Score:
9.51