GCVE - cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*

part: o version: 3.9 update: *

Vendor	Openbsd (`932cdfc2-94b9-5fb6-8ef3-d0b271f414b5`)
Product	Openbsd (`53340739-b0b7-5bcf-88ee-45d5aaf96683`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/openbsd/src`	purl2cpe	2026-06-01 10:17:38.225363
`pkg:openbsd/openbsd`	purl2cpe	2026-06-01 10:17:38.225364

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2168`	vulnerable	2026-06-08 04:58:04.434814	Details available Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418. Published: 2011-05-24T23:00:00.000Z Updated: 2024-08-06T22:53:16.829Z Open on db.gcve.eu Reference links http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34%3Br2=1.35%3Bf=h http://www.securityfocus.com/bid/48004 http://securityreason.com/achievement_securityalert/97 http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-0537`	vulnerable	2026-06-08 04:51:09.887680	Details available Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise. Published: 2009-03-09T21:00:00.000Z Updated: 2024-08-07T04:40:03.697Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/8163 http://www.securitytracker.com/id?1021818 http://securityreason.com/achievement_securityalert/60 http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41%3Br2=1.42%3Bf=h http://www.securityfocus.com/bid/34008	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-4609`	vulnerable	2026-06-08 04:50:47.234222	Details available The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. Published: 2008-10-20T17:00:00.000Z Updated: 2024-08-07T10:24:20.677Z Open on db.gcve.eu Reference links http://blog.robertlee.name/2008/10/conjecture-speculation.html https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://insecure.org/stf/tcp-dos-attack-explained.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1148`	not_vulnerable	2026-06-08 04:50:19.161497	Details available A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. Published: 2008-03-04T23:00:00.000Z Updated: 2024-08-07T08:08:57.600Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/487658 https://exchange.xforce.ibmcloud.com/vulnerabilities/41157 http://secunia.com/advisories/28819 http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf http://www.securiteam.com/securityreviews/5PP0H0UNGW.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1147`	not_vulnerable	2026-06-08 04:50:19.156641	Details available A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. Published: 2008-03-04T23:00:00.000Z Updated: 2024-08-07T08:08:57.697Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/41155 http://seclists.org/bugtraq/2008/Feb/0063.html http://seclists.org/bugtraq/2008/Feb/0052.html http://www.securityfocus.com/archive/1/487658 http://secunia.com/advisories/28819	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1146`	not_vulnerable	2026-06-08 04:50:19.147990	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-2242`	not_vulnerable	2026-06-08 04:49:44.440171	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-1365`	vulnerable	2026-06-08 04:49:42.233265	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-1352`	vulnerable	2026-06-08 04:49:42.181608	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-1351`	vulnerable	2026-06-08 04:49:42.159211	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0085`	vulnerable	2026-06-08 04:49:31.420969	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-6164`	vulnerable	2026-06-08 04:49:22.212788	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-5218`	vulnerable	2026-06-08 04:49:20.078284	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4436`	vulnerable	2026-06-08 04:49:17.924845	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4435`	vulnerable	2026-06-08 04:49:17.924409	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4304`	vulnerable	2026-06-08 04:49:17.515696	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.