High severity7.5NVD Advisory· Published May 13, 2008· Updated Apr 23, 2026

CVE-2008-0166

Description

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Affected products

OpenSSL Project/OpenSSL
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Range: >=0.9.8c-1,<=0.9.8g
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2008/dsa-1571nvdMailing ListPatchVendor Advisory
www.debian.org/security/2008/dsa-1576nvdMailing ListPatch
www.ubuntu.com/usn/usn-612-1nvdPatchThird Party Advisory
www.ubuntu.com/usn/usn-612-2nvdPatchThird Party Advisory
www.securityfocus.com/bid/29179nvdBroken LinkExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/5622nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/5632nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/5720nvdExploitThird Party AdvisoryVDB Entry
secunia.com/advisories/30136nvdBroken LinkVendor Advisory
secunia.com/advisories/30220nvdBroken LinkVendor Advisory
secunia.com/advisories/30221nvdBroken LinkVendor Advisory
secunia.com/advisories/30231nvdBroken LinkVendor Advisory
secunia.com/advisories/30239nvdBroken LinkVendor Advisory
secunia.com/advisories/30249nvdBroken LinkVendor Advisory
sourceforge.net/mailarchive/forum.phpnvdThird Party Advisory
www.kb.cert.org/vuls/id/925211nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/archive/1/492112/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/usn-612-3nvdThird Party Advisory
www.ubuntu.com/usn/usn-612-4nvdThird Party Advisory
www.ubuntu.com/usn/usn-612-7nvdThird Party Advisory
www.us-cert.gov/cas/techalerts/TA08-137A.htmlnvdBroken LinkThird Party AdvisoryUS Government Resource
exchange.xforce.ibmcloud.com/vulnerabilities/42375nvdThird Party AdvisoryVDB Entry
metasploit.com/users/hdm/tools/debian-openssl/nvdBroken Link
16years.secvuln.infonvd
news.ycombinator.com/itemnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000