CVE-2011-4576 — Openssl vulnerability

CWE-31011 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

1.0%

top 22.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedJan 6

Latest updateMay 17

Description

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.0f-1 (bookworm)

▶Debianopenssl/openssl< 1.0.0f-1+3

▶NVDopenssl/openssl0.9.8r+57

🔴Vulnerability Details

GHSA

GHSA-cr84-m7vr-7v6v: The SSL 3↗2022-05-17

▶

OSV

CVE-2011-4576: The SSL 3↗2012-01-06

▶

📋Vendor Advisories

BSD

FreeBSD-SA-12:01.openssl: OpenSSL multiple vulnerabilities↗2012-05-30

▶

Ubuntu

OpenSSL vulnerabilities↗2012-02-09

▶

Red Hat

openssl: uninitialized SSL 3.0 padding↗2012-01-04

▶

Debian

CVE-2011-4576: openssl - The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does n...↗2011

▶

💬Community

Bugzilla

CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw-openssl various flaws [fedora-all]↗2012-08-08

▶

Bugzilla

CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [epel-5]↗2012-01-11

▶

Bugzilla

CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [fedora-all]↗2012-01-11

▶

Bugzilla

CVE-2011-4576 openssl: uninitialized SSL 3.0 padding↗2012-01-04

▶