CVE-2011-0014 — Openssl vulnerability

CWE-39911 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 21.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedFeb 19

Latest updateDec 29

Description

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 0.9.8o-5 (bookworm)

▶Debianopenssl/openssl< 0.9.8o-5+3

▶NVDopenssl/openssl14 versions+13

Patches

Patch: www.openssl.org ↗Patch: www.openssl.org ↗

🔴Vulnerability Details

GHSA

GHSA-w2hr-4cx4-4hmj: ssl/t1_lib↗2022-05-03

▶

OSV

CVE-2011-0014: ssl/t1_lib↗2011-02-19

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerability↗2011-02-15

▶

Red Hat

openssl: OCSP stapling vulnerability↗2011-02-08

▶

Debian

CVE-2011-0014: openssl - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows re...↗2011

▶

📄Research Papers

arXiv

One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware↗2022-12-29

▶

💬Community

Bugzilla

CVE-2011-0014 openssl: OCSP stapling vulnerability↗2011-02-08

▶

Bugzilla

CVE-2011-0014 openssl: OCSP stapling vulnerability [fedora-all]↗2011-02-08

▶

Bugzilla

CVE-2011-0014 openssl: OCSP stapling vulnerability [fedora-all]↗2011-02-08

▶