CVE-2011-4108: OpenSSL vulnerability

CWE-310 | 27 documents | 9 sources
Severity
5.0 MEDIUM | NVD
NVD 4.3 | CNA 4.3 | OSV 4.3
EPSS
1.3%
top 20.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 6
Latest update: May 17

Description

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (4 packages)

Debian | openssl/openssl | < 1.0.0g-1 | +7
NVD | openssl/openssl | 0.9.8r | +59
NVD | gnu/gnutls | 3.0.10 | +55
Palo Alto | paloalto/pan-os

Vulnerability Details (9)

GHSA | GHSA-g8h7-34h7-3c73: The DTLS implementation in OpenSSL before 0 | 2022-05-17
GHSA | GHSA-ph62-8mr5-rp5w: OpenSSL 0 | 2022-05-04
GHSA | GHSA-8w6j-wjpg-446m: The DTLS implementation in GnuTLS 3 | 2022-05-04
OSV | CVE-2012-0050: OpenSSL 0 | 2012-01-19
CVEList | CVE-2012-0050: OpenSSL 0 | 2012-01-19

Vendor Advisories (8)

Palo Alto | OpenSSL Plain Text Recovery Attack Vulnerability | 2012-04-27
Ubuntu | OpenSSL vulnerabilities | 2012-02-09
Red Hat | gnutls: DTLS plaintext recovery attack | 2012-01-05
Red Hat | openssl: DTLS plaintext recovery attack | 2012-01-04
Debian | CVE-2012-0390: gnutls28 - The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-hand... | 2012

Community (7)

Bugzilla | CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw-openssl various flaws [fedora-all] | 2012-08-08
Bugzilla | CVE-2012-0050 openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix [fedora-all] | 2012-01-19
Bugzilla | CVE-2012-0050 openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix | 2012-01-18
Bugzilla | CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [epel-5] | 2012-01-11
Bugzilla | CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [fedora-all] | 2012-01-11