CVE-2013-0166 [Medium] | Denial of Service in Openssl

CVE-2013-0166 is rated Moderate Risk (59/100): CVSS Medium severity, with high exploitation likelihood (EPSS 19.65%, 97th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +10.14% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	9.51%	19.65%	+10.14%
2	2026-04-23	11.01%	9.51%	-1.50%
3	2026-03-04	—	11.01%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

9.51%

19.65%

+10.14%

2026-04-23

11.01%

9.51%

-1.50%

2026-03-04

—

11.01%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	10.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.0

2.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

2.9

[email protected]

OS Trackers for CVE-2013-0166

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2013-0166 not yet assigned priority: Debian including 1 source packages (openssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2013-0166
`gentoo`	low	CVE-2013-0166: 1 GLSA(s) (201312-03), 1 atom(s) (dev-libs/openssl); latest impact low.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-0166
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2013-0166
`suse`	medium	CVE-2013-0166 severity moderate: SUSE including 159 source package names (compat-openssl097g-0.9.7g-146.22.25.1, compat-openssl097g-0.9.7g-146.22.29.1, …), 394 product×package rows across 62 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (62 product lines)): Fixed 229, Known Not Affected 165.	https://www.suse.com/security/cve/CVE-2013-0166/
`ubuntu`	medium	CVE-2013-0166 medium priority: Ubuntu including 2 source packages (openssl, openssl098), 18 status rows across 9 suites (hardy, lucid, oneiric, precise, quantal, raring, saucy, trusty, upstream): released 13, ignored 3, DNE 2.	https://ubuntu.com/security/CVE-2013-0166

Affected software / configurations for CVE-2013-0166

Vendor	Product	Version	Raw CPE
openssl	openssl	0.9.1c	cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
openssl	openssl	0.9.2b	cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
openssl	openssl	0.9.3	cpe:2.3:a:openssl:openssl:0.9.3:::::::*
openssl	openssl	0.9.3a	cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
openssl	openssl	0.9.4	cpe:2.3:a:openssl:openssl:0.9.4:::::::*
openssl	openssl	0.9.5	cpe:2.3:a:openssl:openssl:0.9.5:::::::*
openssl	openssl	0.9.5	cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
openssl	openssl	0.9.5	cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
openssl	openssl	0.9.5a	cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
openssl	openssl	0.9.5a	cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
openssl	openssl	0.9.5a	cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
openssl	openssl	0.9.6	cpe:2.3:a:openssl:openssl:0.9.6:::::::*
openssl	openssl	0.9.6	cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
openssl	openssl	0.9.6	cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
openssl	openssl	0.9.6	cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
openssl	openssl	0.9.6a	cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
openssl	openssl	0.9.6a	cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
openssl	openssl	0.9.6a	cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
openssl	openssl	0.9.6a	cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
openssl	openssl	0.9.6b	cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
openssl	openssl	0.9.6c	cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
openssl	openssl	0.9.6d	cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
openssl	openssl	0.9.6e	cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
openssl	openssl	0.9.6f	cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
openssl	openssl	0.9.6g	cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
openssl	openssl	0.9.6h	cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
openssl	openssl	0.9.6i	cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
openssl	openssl	0.9.6j	cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
openssl	openssl	0.9.6k	cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
openssl	openssl	0.9.6l	cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
openssl	openssl	0.9.6m	cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
openssl	openssl	0.9.7	cpe:2.3:a:openssl:openssl:0.9.7:::::::*
openssl	openssl	0.9.7	cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
openssl	openssl	0.9.7	cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
openssl	openssl	0.9.7	cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
openssl	openssl	0.9.7	cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
openssl	openssl	0.9.7	cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
openssl	openssl	0.9.7	cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
openssl	openssl	0.9.7a	cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
openssl	openssl	0.9.7b	cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
openssl	openssl	0.9.7c	cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
openssl	openssl	0.9.7d	cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
openssl	openssl	0.9.7e	cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
openssl	openssl	0.9.7f	cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
openssl	openssl	0.9.7g	cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
openssl	openssl	0.9.7h	cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
openssl	openssl	0.9.7i	cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
openssl	openssl	0.9.7j	cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
openssl	openssl	0.9.7k	cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
openssl	openssl	0.9.7l	cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
openssl	openssl	0.9.7m	cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
openssl	openssl	0.9.8	cpe:2.3:a:openssl:openssl:0.9.8:::::::*
openssl	openssl	0.9.8a	cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
openssl	openssl	0.9.8b	cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
openssl	openssl	0.9.8c	cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
openssl	openssl	0.9.8d	cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
openssl	openssl	0.9.8e	cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
openssl	openssl	0.9.8f	cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
openssl	openssl	0.9.8g	cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
openssl	openssl	0.9.8h	cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
openssl	openssl	0.9.8i	cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
openssl	openssl	0.9.8j	cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
openssl	openssl	0.9.8k	cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
openssl	openssl	0.9.8l	cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
openssl	openssl	0.9.8m	cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
openssl	openssl	0.9.8m	cpe:2.3:a:openssl:openssl:0.9.8m:beta1::::::
openssl	openssl	0.9.8n	cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
openssl	openssl	0.9.8o	cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
openssl	openssl	0.9.8p	cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
openssl	openssl	0.9.8q	cpe:2.3:a:openssl:openssl:0.9.8q:::::::*
openssl	openssl	0.9.8r	cpe:2.3:a:openssl:openssl:0.9.8r:::::::*
openssl	openssl	0.9.8s	cpe:2.3:a:openssl:openssl:0.9.8s:::::::*
openssl	openssl	0.9.8t	cpe:2.3:a:openssl:openssl:0.9.8t:::::::*
openssl	openssl	0.9.8u	cpe:2.3:a:openssl:openssl:0.9.8u:::::::*
openssl	openssl	0.9.8v	cpe:2.3:a:openssl:openssl:0.9.8v:::::::*
openssl	openssl	0.9.8w	cpe:2.3:a:openssl:openssl:0.9.8w:::::::*
openssl	openssl	0.9.8x	cpe:2.3:a:openssl:openssl:0.9.8x:::::::*
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:::::::*
openssl	openssl	1.0.0a	cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
openssl	openssl	1.0.0b	cpe:2.3:a:openssl:openssl:1.0.0b:::::::*

References for CVE-2013-0166

URL	Tags
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=136396549913849&w=2
http://marc.info/?l=bugtraq&m=136432043316835&w=2
http://marc.info/?l=bugtraq&m=137545771702053&w=2
http://rhn.redhat.com/errata/RHSA-2013-0587.html
http://rhn.redhat.com/errata/RHSA-2013-0782.html
http://rhn.redhat.com/errata/RHSA-2013-0783.html
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://secunia.com/advisories/53623
http://secunia.com/advisories/55108
http://secunia.com/advisories/55139
http://support.apple.com/kb/HT5880
http://www.debian.org/security/2013/dsa-2621
http://www.kb.cert.org/vuls/id/737740	US Government Resource
http://www.openssl.org/news/secadv_20130204.txt	Vendor Advisory
http://www.splunk.com/view/SP-CAAAHXG
https://bugzilla.redhat.com/show_bug.cgi?id=908052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001

URL

CVE-2013-0166

Exploit prediction scoring system (EPSS) score for CVE-2013-0166

Common vulnerability scoring system (CVSS) metrics for CVE-2013-0166

Weakness enumeration for CVE-2013-0166

OS Trackers for CVE-2013-0166

Affected software / configurations for CVE-2013-0166

References for CVE-2013-0166