GCVE - cpe:2.3:o:openbsd:openbsd:4.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:openbsd:openbsd:4.1:*:*:*:*:*:*:*

part: o version: 4.1 update: *

Vendor	Openbsd (`932cdfc2-94b9-5fb6-8ef3-d0b271f414b5`)
Product	Openbsd (`53340739-b0b7-5bcf-88ee-45d5aaf96683`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/openbsd/src`	purl2cpe	2026-06-01 10:17:38.225368
`pkg:openbsd/openbsd`	purl2cpe	2026-06-01 10:17:38.225370

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2168`	vulnerable	2026-06-08 04:58:04.436401	Details available Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418. Published: 2011-05-24T23:00:00.000Z Updated: 2024-08-06T22:53:16.829Z Open on db.gcve.eu Reference links http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34%3Br2=1.35%3Bf=h http://www.securityfocus.com/bid/48004 http://securityreason.com/achievement_securityalert/97 http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-0537`	vulnerable	2026-06-08 04:51:09.888627	Details available Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise. Published: 2009-03-09T21:00:00.000Z Updated: 2024-08-07T04:40:03.697Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/8163 http://www.securitytracker.com/id?1021818 http://securityreason.com/achievement_securityalert/60 http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41%3Br2=1.42%3Bf=h http://www.securityfocus.com/bid/34008	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-4609`	vulnerable	2026-06-08 04:50:47.235269	Details available The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. Published: 2008-10-20T17:00:00.000Z Updated: 2024-08-07T10:24:20.677Z Open on db.gcve.eu Reference links http://blog.robertlee.name/2008/10/conjecture-speculation.html https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://insecure.org/stf/tcp-dos-attack-explained.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1215`	vulnerable	2026-06-08 04:50:19.674164	Details available Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. Published: 2008-03-09T02:00:00.000Z Updated: 2024-08-07T08:17:34.461Z Open on db.gcve.eu Reference links http://secunia.com/advisories/29238 http://www.openbsd.org/errata42.html#009_ppp http://www.securityfocus.com/archive/82/488980/30/0/threaded http://www.openbsd.org/errata41.html#014_ppp http://www.securityfocus.com/archive/82/489031/30/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1148`	not_vulnerable	2026-06-08 04:50:19.161530	Details available A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. Published: 2008-03-04T23:00:00.000Z Updated: 2024-08-07T08:08:57.600Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/487658 https://exchange.xforce.ibmcloud.com/vulnerabilities/41157 http://secunia.com/advisories/28819 http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf http://www.securiteam.com/securityreviews/5PP0H0UNGW.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1147`	not_vulnerable	2026-06-08 04:50:19.156674	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1146`	not_vulnerable	2026-06-08 04:50:19.148519	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1058`	vulnerable	2026-06-08 04:50:18.709747	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-6700`	vulnerable	2026-06-08 04:50:09.492924	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-5365`	vulnerable	2026-06-08 04:50:04.959511	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.