See also

OPENSSL : OpenSSL 1.0

OPENSSL : openssl 0.9.5

Name: OPENSSL : OpenSSL 0.9

6!	"Digicert Sdn. Bhd." weak certificates
		Few weak certificates were issued by intermediate CA.
	OpenSSL security vulnerabilities
		DoS, protection bypass.
6!	OpenSSL protection level downgrade
		Attacker can downgrade cipher level for subsequent connections.
8!	OpenSSL buffer overflow
		Race conditions with buffer overflow.
	OpenSSL library double free vulnerability
		Double free() in ECDH code.
6!	OpenSSL DoS confitions
		DoS conditions in ssl3_get_record and kssl_keytab_is_available functions.
8!	SSL data injection updated since 09.11.2009
		Data injection possibility connected with SSL in-session renegotiation.
	OpenSSL memory leak
		It's possible to exploit memory leak to create denial of service conditions via resources exhaustion.
	Multiple OpenSSL DoS conditions
		Multiple vulnerabilities on DTLS handling.
6!	OpenSSL multiple security vulnerabilities
		Memory corruptions, memory leaks.
	OpenSSL library BMPString DoS
		Crash on UniversalString and BMPString parsing.
7!	OpenSSL / ntp / bind / boinc certificate validation cryptographic vulnerabilities updated since 09.01.2009
		Multiple vulnerabilities in SSL/TLS DSA/ECDSA certificate chain validations.
6!	OpenSSL multiple security vulnerabilities
		NULL pointer dereference, memory corruption on TLS certificate exchange.
	OpenSSL DTLS code execution
8!	Multiple OpenSSL security vulnerabilities updated since 29.09.2006
		Multiple DoS conditions in server and client functions, SSL_get_shared_ciphers() buffer overflow.
	OpenSSL cryptographic vulnerability
		Montgomery multiplication for elleptic cryptography is not applied in BN_from_montgomery() functions, making it possible to retrieve RSA private key of different user.
7!	OpenSSL cryptography security vulnerabilities updated since 05.09.2006
		It's possible to spoof signature of PKCS #1 v1.5 RSA key with exponent 3.
	OpenSSL SSL 2.0 rollback (weak cryptography)
		Active man-in-the-middle attacker can force rollback to SSL 2.0 protocol with known cryptographic weakness for both client and server if SSL_OP_MSIE_SSLV2_RSA_PADDING (or SSL_OP_ALL) configuration option is enabled.
7!	Multiple bugs in OpenSSL updated since 30.09.2003
		Rpbolem with stack corruption, uninitialized memory references.
	OpenSSL symbolic links problem
		der_chop Script symbolic links problem.
	Multiple OpenSSL DoS bugs updated since 17.03.2004
		Few bugs patched during product audit.
7!	Open SSL timing attack updated since 19.02.2003
		Because of timing difference it's possible to distinguish between bad padding and a MAC verification error. It's also possible to recover RSA secret.
7!	Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding
		On some conditions it's possible server's private key to be applied to attacker choosen ciphertext.
10!	Buffer overflows in OpenSSL
		4 different buffer overflows.
	Проблемы с генерацией псевдо-случайных чисел в OpenSSL (pseudo random generator weakness)