Lucene search

[email protected]NVD:CVE-2011-1945

HistoryMay 31, 2011 - 8:55 p.m.

CVE-2011-1945

2011-05-3120:55:05

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.006

Percentile

78.8%

JSON

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.

Affected configurations

Nvd

Node

opensslopensslRange≤1.0.0d

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.3

opensslopensslMatch0.9.3a

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5beta1

opensslopensslMatch0.9.5beta2

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.5abeta1

opensslopensslMatch0.9.5abeta2

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6beta1

opensslopensslMatch0.9.6beta2

opensslopensslMatch0.9.6beta3

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6abeta1

opensslopensslMatch0.9.6abeta2

opensslopensslMatch0.9.6abeta3

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7beta1

opensslopensslMatch0.9.7beta2

opensslopensslMatch0.9.7beta3

opensslopensslMatch0.9.7beta4

opensslopensslMatch0.9.7beta5

opensslopensslMatch0.9.7beta6

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.7m

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

opensslopensslMatch0.9.8k

opensslopensslMatch0.9.8l

opensslopensslMatch0.9.8m

opensslopensslMatch0.9.8n

opensslopensslMatch0.9.8o

opensslopensslMatch0.9.8p

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

References

eprint.iacr.org/2011/232.pdf

lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

secunia.com/advisories/44935

support.apple.com/kb/HT5784

www.debian.org/security/2011/dsa-2309

www.kb.cert.org/vuls/id/536044

www.kb.cert.org/vuls/id/MAPG-8FENZ3

www.mandriva.com/security/advisories?name=MDVSA-2011:136

www.mandriva.com/security/advisories?name=MDVSA-2011:137

hermes.opensuse.org/messages/8760466

hermes.opensuse.org/messages/8764170

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.006

Percentile

78.8%

JSON

Related for NVD:CVE-2011-1945

prion1 openvas13 osv1 nessus13 f52 securityvulns3 debian2 cert1 cve1 ubuntucve1 cvelist1 debiancve1 gentoo1 ubuntu1 lenovo2