CVE-2011-3210 — Openssl vulnerability

CWE-3998 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

5.9%

top 9.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedSep 22

Latest updateDec 29

Description

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.0e-1 (bookworm)

▶Debianopenssl/openssl< 1.0.0e-1+3

▶NVDopenssl/openssl25 versions+24

Patches

Patch: cvs.openssl.org ↗Patch: cvs.openssl.org ↗

🔴Vulnerability Details

GHSA

GHSA-q2wp-8mh7-q533: The ephemeral ECDH ciphersuite functionality in OpenSSL 0↗2022-05-17

▶

OSV

CVE-2011-3210: The ephemeral ECDH ciphersuite functionality in OpenSSL 0↗2011-09-22

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2012-02-09

▶

Red Hat

openssl: TLS ephemeral ECDH crashes in OpenSSL↗2011-09-06

▶

Debian

CVE-2011-3210: openssl - The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and...↗2011

▶

📄Research Papers

arXiv

One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware↗2022-12-29

▶

💬Community

Bugzilla

CVE-2011-3210 openssl: TLS ephemeral ECDH crashes in OpenSSL↗2011-09-06

▶