CVE-2011-4109
Published 2012-01-06
CVE-2011-4109: Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by…
Priority P351 · critical 9.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 17.69% (96.8th percentile)
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 1.0.0c-1 (bookworm) | openssl 1.0.0c-1 (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 1.0.0c-1 | 1.0.0c-1 |
CVSS provenance
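| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | CRITICAL | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |
| vendor_ubuntu | — | 2.6 | LOW | — |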
GHSA
GHSA-fr6r-xw3f-g957: Double free vulnerability in OpenSSL 0
ghsa_unreviewed·2022-05-17
CVE-2011-4109 [HIGH] GHSA-fr6r-xw3f-g957: Double free vulnerability in OpenSSL 0
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
OSV
CVE-2011-4109: Double free vulnerability in OpenSSL 0
osv·2012-01-06·CVSS 9.3
CVE-2011-4109 [CRITICAL] CVE-2011-4109: Double free vulnerability in OpenSSL 0
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
BSD
FreeBSD-SA-12:01.openssl: OpenSSL multiple vulnerabilities
bsd_advisories·2012-05-30·CVSS 9.3
CVE-2011-4109 [CRITICAL] FreeBSD-SA-12:01.openssl: OpenSSL multiple vulnerabilities
FreeBSD-SA-12:01.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2012-05-03
Credits: Adam Langley, George Kadianakis, Ben Laurie, Ivan Nestlerode, Tavis Ormandy
Affects: All supported versions of FreeBSD.
Corrected: 2012-05-30 12:01:28 UTC (RELENG_7, 7.4-STABLE)
           2012-05-30 12:01:28 UTC (RELENG_7_4, 7.4-RELEASE-p8)
           2012-05-30 12:01:28 UTC (RELENG_8, 8.3-STABLE)
           2012-05-30 12:01:28 UTC (RELENG_8_3, 8.3-RELEASE-p2)
           2012-05-30 12:01:28 UTC (RELENG_8_2, 8.2-RELEASE-p8)
           2012-05-30 12:01:28 UTC (RELENG_8_1, 8.1-RELEASE-p10)
           2012-05-30 12:01:28 UTC (RELENG_9, 9.0-STABLE)
           2012-05-30 12:01:28 UTC (RELENG_9_0, 9.0-RELEASE-p2)
CVE Name: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
For gen
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2012-02-09·CVSS 2.6
CVE-2012-0027 [LOW] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Multiple vulnerabilities exist in OpenSSL that could expose
sensitive information or cause applications to crash.
It was discovered that the elliptic curve cryptography (ECC) subsystem
in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm
(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement
curves over binary fields. This could allow an attacker to determine
private keys via a timing attack. This issue only affected Ubuntu 8.04
LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)
Adam Langley discovered that the ephemeral Elliptic Curve
Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread
safety while processing handshake messages from clients. This
could allow a remote attacker to c
Red Hat
openssl: double-free in policy checks
vendor_redhat·2012-01-04·CVSS 9.3
CVE-2011-4109 [CRITICAL] openssl: double-free in policy checks
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Statement: This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 and 6.
Package: openssl (Red Hat Enterprise Linux 4) - Not affected
Package: openssl096b (Red Hat Enterprise Linux 4) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl (Red Hat Enterprise Linux 6) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2011-4109: openssl - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLIC...
vendor_debian·2011·CVSS 9.3
CVE-2011-4109 [CRITICAL] CVE-2011-4109: openssl - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLIC...
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Scope: local
bookworm: resolved (fixed in 1.0.0c-1)
bullseye: resolved (fixed in 1.0.0c-1)
forky: resolved (fixed in 1.0.0c-1)
sid: resolved (fixed in 1.0.0c-1)
trixie: resolved (fixed in 1.0.0c-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [epel-5]
bugzilla·2012-01-11·CVSS 4.3
CVE-2011-4108 [MEDIUM] CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraprojec
Bugzilla
CVE-2011-4109 openssl: double-free in policy checks
bugzilla·2012-01-04·CVSS 9.3
CVE-2011-4109 [CRITICAL] CVE-2011-4109 openssl: double-free in policy checks
Double-free in Policy Checks (CVE-2011-4109)
If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy
check failure can lead to a double-free. The bug does not occur
unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
This flaw was discovered by Ben Laurie and a fix provided by Emilia
Kasper of Google.
Affected users should upgrade to OpenSSL 0.9.8s.
Reference: http://openssl.org/news/secadv_20120104.txt
Discussion:
Seems to be the fix here:
http://cvs.openssl.org/chngview?cn=21941
---
Created mingw32-openssl tracking bugs for this issue
Affects: epel-5 [bug 773331]
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2012:0060 https://rhn.redhat.com/errata/RHS
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
http://marc.info/?l=bugtraq&m=132750648501816&w=2
http://marc.info/?l=bugtraq&m=134039053214295&w=2
http://rhn.redhat.com/errata/RHSA-2012-1306.html
http://rhn.redhat.com/errata/RHSA-2012-1307.html
http://rhn.redhat.com/errata/RHSA-2012-1308.html
http://secunia.com/advisories/48528
http://support.apple.com/kb/HT5784
http://www.debian.org/security/2012/dsa-2390
http://www.kb.cert.org/vuls/id/737740
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
http://www.openssl.org/news/secadv_20120104.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/72129
Published 2012-01-06