CVE-2008-0166

HIGH

OpenSSL <0.9.8g-9 - Info Disclosure

Title source: llm

Description

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Exploits (10)

exploitdb WORKING POC VERIFIED
by WarCat team · pythonremotelinux
https://www.exploit-db.com/exploits/5720
exploitdb SCANNER VERIFIED
by L4teral · rubyremotelinux
https://www.exploit-db.com/exploits/5632
exploitdb WORKING POC VERIFIED
by Markus Mueller · textremotelinux
https://www.exploit-db.com/exploits/5622
nomisec WRITEUP 410 stars
by g0tmi1k · poc
https://github.com/g0tmi1k/debian-ssh
nomisec SUSPICIOUS 9 stars
by demining · poc
https://github.com/demining/Vulnerable-to-Debian-OpenSSL-bug-CVE-2008-0166
nomisec WRITEUP 6 stars
by badkeys · poc
https://github.com/badkeys/debianopenssl
nomisec NO CODE 1 stars
by avarx · poc
https://github.com/avarx/vulnkeys
nomisec SUSPICIOUS
by QasimShahbaz21 · poc
https://github.com/QasimShahbaz21/CVE-Exploit-Research-Development
nomisec SUSPICIOUS
by Faizan8232403 · poc
https://github.com/Faizan8232403/CVE-Exploit-Research-Development
nomisec WORKING POC
by AhegaoPsyops · poc
https://github.com/AhegaoPsyops/sslWeakness

References (26)

... and 6 more

Scores

CVSS v3 7.5
EPSS 0.0249
EPSS Percentile 85.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-338
Status published
Products (6)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 7.04
canonical/ubuntu_linux 7.10
canonical/ubuntu_linux 8.04
debian/debian_linux 4.0
openssl/openssl 0.9.8c-1 - 0.9.8g
Published May 13, 2008
Tracked Since Feb 18, 2026