CVE-2011-4108
published 2012-01-06


Priority: P427, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS: 15.76% (96.5th percentile)

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

Affected

128 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gnutls28 | < gnutls28 3.0.11-1 (bookworm) | gnutls28 3.0.11-1 (bookworm) |
| debian | openssl | < openssl 1.0.0f-1 (bookworm) | openssl 1.0.0f-1 (bookworm) |
| debian | openssl | < openssl 1.0.0g-1 (bookworm) | openssl 1.0.0g-1 (bookworm) |
| gnu | gnutls | <= 3.0.10 | |

CVSS provenance

nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:P/I:N/A:N
osv: 4.3 MEDIUM
vendor_debian: 4.3 MEDIUM
vendor_redhat: 4.3 MEDIUM
vendor_ubuntu: 2.6 LOW