Published: 19/02/2011 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

ssl/t1_lib.c in OpenSSL 0.9.8h up to and including 0.9.8q and 1.0.0 up to and including 1.0.0c allows remote malicious users to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl 0.9.8h
openssl openssl 0.9.8p
openssl openssl 0.9.8q
openssl openssl 0.9.8k
openssl openssl 0.9.8l
openssl openssl 0.9.8m
openssl openssl 0.9.8i
openssl openssl 0.9.8j
openssl openssl 0.9.8n
openssl openssl 0.9.8o
openssl openssl 1.0.0b
openssl openssl 1.0.0a
openssl openssl 1.0.0
openssl openssl 1.0.0c

Neel Mehta discovered that incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message This could allow a remote attacker to cause a crash and denial of service by triggering invalid memory accesses ...

Neel Mehta discovered that an incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access Additionally, some applications may be vulnerable to expose contents of a parsed OCSP nonce extension Packa ...

CWE-399 http://www.securitytracker.com/id?1025050 http://www.vupen.com/english/advisories/2011/0387 http://www.openssl.org/news/secadv_20110208.txt http://secunia.com/advisories/43227 http://www.debian.org/security/2011/dsa-2162 http://www.vupen.com/english/advisories/2011/0399 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html http://www.ubuntu.com/usn/USN-1064-1 http://www.mandriva.com/security/advisories?name=MDVSA-2011:028 http://www.vupen.com/english/advisories/2011/0395 http://www.vupen.com/english/advisories/2011/0389 http://www.securityfocus.com/bid/46264 http://osvdb.org/70847 http://secunia.com/advisories/43301 http://secunia.com/advisories/43286 http://www.vupen.com/english/advisories/2011/0361 http://secunia.com/advisories/43339 http://www.vupen.com/english/advisories/2011/0603 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 http://secunia.com/advisories/44269 http://support.apple.com/kb/HT4723 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://www.redhat.com/support/errata/RHSA-2011-0677.html http://marc.info/?l=bugtraq&m=131042179515633&w=2 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://secunia.com/advisories/57353 http://marc.info/?l=bugtraq&m=130497251507577&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985 https://support.f5.com/csp/article/K10534046 https://usn.ubuntu.com/1064-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-0014

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect