
CVE-2011-4577

Published: 06/01/2012 Updated: 26/03/2014
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

OpenSSL prior to 0.9.8s and 1.x prior to 1.0.0f, when RFC 3779 support is enabled, allows remote malicious users to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.

Vulnerable Product

openssl openssl 0.9.8m

openssl openssl 0.9.8l

openssl openssl 0.9.8e

openssl openssl 0.9.8d

openssl openssl 0.9.7k

openssl openssl 0.9.7j

openssl openssl 0.9.7b

openssl openssl 0.9.7a

openssl openssl 0.9.6h

openssl openssl 0.9.6a

openssl openssl 0.9.6

openssl openssl

openssl openssl 0.9.8q

openssl openssl 0.9.8i

openssl openssl 0.9.8h

openssl openssl 0.9.8a

openssl openssl 0.9.8

openssl openssl 0.9.7g

openssl openssl 0.9.7f

openssl openssl 0.9.7e

openssl openssl 0.9.6l

openssl openssl 0.9.6k

openssl openssl 0.9.6e

openssl openssl 0.9.6d

openssl openssl 0.9.4

openssl openssl 0.9.2b

openssl openssl 0.9.1c

openssl openssl 0.9.8p

openssl openssl 0.9.8o

openssl openssl 0.9.8n

openssl openssl 0.9.8g

openssl openssl 0.9.8f

openssl openssl 0.9.7m

openssl openssl 0.9.7l

openssl openssl 0.9.7d

openssl openssl 0.9.7c

openssl openssl 0.9.6j

openssl openssl 0.9.6i

openssl openssl 0.9.6c

openssl openssl 0.9.6b

openssl openssl 0.9.8k

openssl openssl 0.9.8j

openssl openssl 0.9.8c

openssl openssl 0.9.8b

openssl openssl 0.9.7i

openssl openssl 0.9.7h

openssl openssl 0.9.7

openssl openssl 0.9.6m

openssl openssl 0.9.6g

openssl openssl 0.9.6f

openssl openssl 0.9.5a

openssl openssl 0.9.5

openssl openssl 1.0.0d

openssl openssl 1.0.0c

openssl openssl 1.0.0

openssl openssl 1.0.0b

openssl openssl 1.0.0a

Vendor Advisories

Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash ...
Synopsis: Important: rhev-hypervisor6 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An updated rhev-hypervisor6 package that fixes multiple security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impa ...
Synopsis: Moderate: openssl security update. Type/Severity: Security Advisory: Moderate. Topic: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerabili ...
Debian Bug report logs - #645805: Potential DTLS crasher bug. Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon). Reported by: Florian Weimer <fw@deneb.enyo.de>. Date: Tue, 18 Oct 2011 18:27:02 UTC. Severity: ...
Debian Bug report logs - #650621: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys. Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon). Reported by: Luciano Bello <luciano@debian.org> ...
It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle (CVE-2011-4108). An information leak flaw was ...