CVE-1999-0428

Chris Rhoads crhoads at identify3d.com
Tue Mar 3 22:16:51 UTC 2020


Hi openssl-users,


I am researching the known vulnerabilities of open source software that we
are considering.  According to the NIST NVD web site, the 1.1.1d version of
OpenSSL has a few known vulnerabilities:
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aopenssl&cpe_product=cpe%3A%2F%3A%3Aopenssl&cpe_version=cpe%3A%2F%3Aopenssl%3Aopenssl%3A1.1.1d


It appears most of the vulnerabilities that are listed by NIST can be
dismissed since the security vulnerability was actually in an application
that uses OpenSSL instead of being in OpenSSL itself.


But I've been unable to determine with certainty how the last vulnerability
on this list (CVE-1999-0428) was fixed.  In my research, I've found a
potential OpenSSL update in release 0.9.2b that may have addressed the
vulnerability: https://seclists.org/bugtraq/1999/Mar/144.  But this
security alert message doesn't reference any CVE number.


The OpenSSL Vulnerabilities web page (
https://www.openssl.org/news/vulnerabilities.html) doesn't go back to 1999,
so it doesn't provide any information regarding this vulnerability.


Can anyone point me to OpenSSL documentation that indicates CVE-1999-0428
was fixed?  Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200303/48b82548/attachment.html>


More information about the openssl-users mailing list