Lucene search

[email protected]NVD:CVE-2011-4354

HistoryJan 27, 2012 - 12:55 a.m.

CVE-2011-4354

2012-01-2700:55:01

CWE-310

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.3%

JSON

crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.

Affected configurations

NVD

Node

opensslopensslRange≤0.9.8gx86

opensslopensslMatch0.9.1cx86

opensslopensslMatch0.9.2bx86

opensslopensslMatch0.9.3x86

opensslopensslMatch0.9.3ax86

opensslopensslMatch0.9.4x86

opensslopensslMatch0.9.5x86

opensslopensslMatch0.9.5beta1x86

opensslopensslMatch0.9.5beta2x86

opensslopensslMatch0.9.5ax86

opensslopensslMatch0.9.5abeta1x86

opensslopensslMatch0.9.5abeta2x86

opensslopensslMatch0.9.6x86

opensslopensslMatch0.9.6beta1x86

opensslopensslMatch0.9.6beta2x86

opensslopensslMatch0.9.6beta3x86

opensslopensslMatch0.9.6ax86

opensslopensslMatch0.9.6abeta1x86

opensslopensslMatch0.9.6abeta2x86

opensslopensslMatch0.9.6abeta3x86

opensslopensslMatch0.9.6bx86

opensslopensslMatch0.9.6cx86

opensslopensslMatch0.9.6dx86

opensslopensslMatch0.9.6ex86

opensslopensslMatch0.9.6fx86

opensslopensslMatch0.9.6gx86

opensslopensslMatch0.9.6hx86

opensslopensslMatch0.9.6ix86

opensslopensslMatch0.9.6jx86

opensslopensslMatch0.9.6kx86

opensslopensslMatch0.9.6lx86

opensslopensslMatch0.9.6mx86

opensslopensslMatch0.9.7x86

opensslopensslMatch0.9.7beta1x86

opensslopensslMatch0.9.7beta2x86

opensslopensslMatch0.9.7beta3x86

opensslopensslMatch0.9.7beta4x86

opensslopensslMatch0.9.7beta5x86

opensslopensslMatch0.9.7beta6x86

opensslopensslMatch0.9.7ax86

opensslopensslMatch0.9.7bx86

opensslopensslMatch0.9.7cx86

opensslopensslMatch0.9.7dx86

opensslopensslMatch0.9.7ex86

opensslopensslMatch0.9.7fx86

opensslopensslMatch0.9.7gx86

opensslopensslMatch0.9.7hx86

opensslopensslMatch0.9.7ix86

opensslopensslMatch0.9.7jx86

opensslopensslMatch0.9.7kx86

opensslopensslMatch0.9.7lx86

opensslopensslMatch0.9.7mx86

opensslopensslMatch0.9.8x86

opensslopensslMatch0.9.8ax86

opensslopensslMatch0.9.8bx86

opensslopensslMatch0.9.8cx86

opensslopensslMatch0.9.8dx86

opensslopensslMatch0.9.8ex86

opensslopensslMatch0.9.8fx86

References

crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip

cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c&v1=1.14&v2=1.21

eprint.iacr.org/2011/633

marc.info/?t=119271238800004

openwall.com/lists/oss-security/2011/12/01/6

rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest

www.debian.org/security/2012/dsa-2390

bugzilla.redhat.com/show_bug.cgi?id=757909

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.3%

JSON

Related for NVD:CVE-2011-4354

f52 prion1 ubuntucve1 cvelist1 cve1 debiancve1 suse1 nessus4 osv1 openvas4 debian1 securityvulns1 ubuntu1