CVE-2011-4109 — Double Free in Openssl

CWE-39910 documents9 sources

Severity

9.3CRITICALNVD

EPSS

2.6%

top 14.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedJan 6

Latest updateDec 29

Description

Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.0c-1 (bookworm)

▶Debianopenssl/openssl< 1.0.0c-1+3

▶NVDopenssl/openssl19 versions+18

🔴Vulnerability Details

GHSA

GHSA-fr6r-xw3f-g957: Double free vulnerability in OpenSSL 0↗2022-05-17

▶

OSV

CVE-2011-4109: Double free vulnerability in OpenSSL 0↗2012-01-06

▶

📋Vendor Advisories

BSD

FreeBSD-SA-12:01.openssl: OpenSSL multiple vulnerabilities↗2012-05-30

▶

Ubuntu

OpenSSL vulnerabilities↗2012-02-09

▶

Red Hat

openssl: double-free in policy checks↗2012-01-04

▶

Debian

CVE-2011-4109: openssl - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLIC...↗2011

▶

📄Research Papers

arXiv

One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware↗2022-12-29

▶

💬Community

Bugzilla

CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [epel-5]↗2012-01-11

▶

Bugzilla

CVE-2011-4109 openssl: double-free in policy checks↗2012-01-04

▶