CVE-2011-3207 — Openssl vulnerability

CWE-2649 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.0%

top 22.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedSep 22

Latest updateMay 17

Description

crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.0e-1 (bookworm)

▶Debianopenssl/openssl< 1.0.0e-1+3

▶NVDopenssl/openssl5 versions+4

Patches

Patch: cvs.openssl.org ↗Patch: cvs.openssl.org ↗

🔴Vulnerability Details

GHSA

GHSA-crcf-r7r4-xr8j: crypto/x509/x509_vfy↗2022-05-17

▶

OSV

CVE-2011-3207: crypto/x509/x509_vfy↗2011-09-22

▶

📋Vendor Advisories

Red Hat

openssl: CRL verification vulnerability↗2011-09-06

▶

Debian

CVE-2011-3207: openssl - crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certai...↗2011

▶

💬Community

Bugzilla

CVE-2011-3207 mingw-openssl: CRL verification vulnerability [fedora-all]↗2012-08-07

▶

Bugzilla

CVE-2011-3207 mingw32-openssl: CRL verification vulnerability [fedora-all]↗2011-09-06

▶

Bugzilla

CVE-2011-3207 openssl: CRL verification vulnerability↗2011-09-06

▶

Bugzilla

CVE-2011-3207 openssl: CRL verification vulnerability [fedora-all]↗2011-09-06

▶