CVE-2011-5095 — Openssl vulnerability

CWE-3108 documents6 sources

Severity

4.0MEDIUMNVD

EPSS

0.3%

top 45.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl Polarssl

Timeline

PublishedJun 20

Latest updateMay 17

Description

The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages4 packages

▶debiandebian/openssl< openssl 0.9.8a-1 (bookworm)

▶Debianopenssl/openssl< 0.9.8a-1+3

▶NVDopenssl/openssl0.9.8

▶NVDpolarssl/polarssl0.14.0+7

🔴Vulnerability Details

GHSA

GHSA-xhj2-g5qf-66wr: The Diffie-Hellman key-exchange implementation in OpenSSL 0↗2022-05-17

▶

GHSA

GHSA-rwm6-hmj6-r6h5: The Diffie-Hellman key-exchange implementation in dhm↗2022-05-17

▶

OSV

CVE-2011-5095: The Diffie-Hellman key-exchange implementation in OpenSSL 0↗2012-06-20

▶

📋Vendor Advisories

Red Hat

openssl: weak public value accepted during Diffie Hellman key exchange↗2011-04-13

▶

Debian

CVE-2011-5095: openssl - The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode ...↗2011

▶

💬Community

Bugzilla

CVE-2011-5095 openssl: weak public value accepted during Diffie Hellman key exchange↗2012-06-20

▶