CVE-2011-3365 — Improper Input Validation in SC

CWE-20 — Improper Input Validation11 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 53.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE SC

Timeline

PublishedNov 29

Latest updateMay 17

Description

The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDkde/kde_sc8 versions+7

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-rcm3-37px-2f83: The KDE SSL Wrapper (KSSL) API in KDE SC 4↗2022-05-17

▶

CVEList

CVE-2011-3365: The KDE SSL Wrapper (KSSL) API in KDE SC 4↗2011-11-29

▶

📋Vendor Advisories

Ubuntu

KDE-Libs vulnerability↗2011-10-25

▶

Red Hat

kdelibs: input validation failure in KSSL↗2011-10-03

▶

💬Community

Bugzilla

psi: input validation flaw↗2011-10-18

▶

Bugzilla

CVE-2011-3367 arora: input validation flaw↗2011-10-18

▶

Bugzilla

CVE-2011-3366 rekonq: Input validation flaw↗2011-10-04

▶

Bugzilla

CVE-2011-3365 kdelibs: input validation failure in KSSL↗2011-10-03

▶

Bugzilla

CVE-2011-3365 kdelibs: input validation failure in KSSL [fedora-all]↗2011-10-03

▶