4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.9%
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f
performs a MAC check only if certain padding is valid, which makes it
easier for remote attackers to recover plaintext via a padding oracle
attack.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | openssl | <ย 0.9.8g-4ubuntu3.15 | UNKNOWN |
ubuntu | 10.04 | noarch | openssl | <ย 0.9.8k-7ubuntu8.8 | UNKNOWN |
ubuntu | 10.10 | noarch | openssl | <ย 0.9.8o-1ubuntu4.6 | UNKNOWN |
ubuntu | 11.04 | noarch | openssl | <ย 0.9.8o-5ubuntu1.2 | UNKNOWN |
ubuntu | 11.10 | noarch | openssl | <ย 1.0.0e-2ubuntu4.2 | UNKNOWN |
ubuntu | 11.10 | noarch | openssl098 | <ย 0.9.8o-7ubuntu1.2 | UNKNOWN |