Lucene search

[email protected]CVE-2011-4576

HistoryJan 06, 2012 - 1:55 a.m.

CVE-2011-4576

2012-01-0601:55:00

CWE-310

[email protected]

web.nvd.nist.gov

3107

cve-2011-4576

openssl

ssl 3.0

data structure initialization

block cipher padding

sensitive information

remote attackers

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

High

EPSS

0.009

Percentile

82.6%

JSON

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

Affected configurations

NVD

Node

opensslopensslRange≤0.9.8r

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6hbogus

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.7m

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

opensslopensslMatch0.9.8k

opensslopensslMatch0.9.8l

opensslopensslMatch0.9.8m

opensslopensslMatch0.9.8n

opensslopensslMatch0.9.8o

opensslopensslMatch0.9.8p

opensslopensslMatch0.9.8q

Node

opensslopensslRange≤1.0.0e

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

opensslopensslMatch1.0.0d

VendorProductVersionCPE
opensslopenssl0.9.8gcpe:/a:openssl:openssl:0.9.8g:::
opensslopenssl0.9.8icpe:/a:openssl:openssl:0.9.8i:::
opensslopenssl0.9.8dcpe:/a:openssl:openssl:0.9.8d:::
opensslopenssl0.9.7dcpe:/a:openssl:openssl:0.9.7d:::
opensslopenssl0.9.6hcpe:/a:openssl:openssl:0.9.6h:::
opensslopenssl0.9.6lcpe:/a:openssl:openssl:0.9.6l:::
opensslopenssl0.9.8ncpe:/a:openssl:openssl:0.9.8n:::
opensslopenssl0.9.2bcpe:/a:openssl:openssl:0.9.2b:::
opensslopenssl0.9.7bcpe:/a:openssl:openssl:0.9.7b:::
opensslopenssl0.9.6acpe:/a:openssl:openssl:0.9.6a:::

Vendor	Product	Version	CPE
openssl	openssl	0.9.8g	cpe:/a:openssl:openssl:0.9.8g:::
openssl	openssl	0.9.8i	cpe:/a:openssl:openssl:0.9.8i:::
openssl	openssl	0.9.8d	cpe:/a:openssl:openssl:0.9.8d:::
openssl	openssl	0.9.7d	cpe:/a:openssl:openssl:0.9.7d:::
openssl	openssl	0.9.6h	cpe:/a:openssl:openssl:0.9.6h:::
openssl	openssl	0.9.6l	cpe:/a:openssl:openssl:0.9.6l:::
openssl	openssl	0.9.8n	cpe:/a:openssl:openssl:0.9.8n:::
openssl	openssl	0.9.2b	cpe:/a:openssl:openssl:0.9.2b:::
openssl	openssl	0.9.7b	cpe:/a:openssl:openssl:0.9.7b:::
openssl	openssl	0.9.6a	cpe:/a:openssl:openssl:0.9.6a:::