CVE-2011-0014

Severity

50%

Complexity

99%

Confidentiality

48%

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

OpenSSL Project OpenSSL

First reported 14 years ago

2011-02-19 01:00:00

Last updated 7 years ago

2017-09-19 01:31:00

Affected Software

OpenSSL Project OpenSSL 0.9.8h

0.9.8h

OpenSSL Project OpenSSL 0.9.8i

0.9.8i

OpenSSL Project OpenSSL 0.9.8j

0.9.8j

OpenSSL Project OpenSSL 0.9.8k

0.9.8k

OpenSSL Project OpenSSL 0.9.8l

0.9.8l

OpenSSL Project OpenSSL 0.9.8m

0.9.8m

OpenSSL Project OpenSSL 0.9.8n

0.9.8n

OpenSSL Project OpenSSL 0.9.8o

0.9.8o

OpenSSL Project OpenSSL 0.9.8p

0.9.8p

OpenSSL Project OpenSSL 0.9.8q

0.9.8q

OpenSSL Project OpenSSL 1.0.0

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta1

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta2

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta3

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta4

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta5

1.0.0

OpenSSL Project OpenSSL 1.0.0a

1.0.0a

OpenSSL Project OpenSSL 1.0.0b

1.0.0b

OpenSSL Project OpenSSL 1.0.0c

1.0.0c

References

NetBSD-SA2011-002

HPSBMA02658

APPLE-SA-2011-06-23-1

FEDORA-2011-1273

SUSE-SR:2011:005

SSRT100475

HPSBUX02689

70847

43227

Vendor Advisory

43286

Vendor Advisory

43301

Vendor Advisory

43339

Vendor Advisory

44269

57353

SSA:2011-041-04

http://support.apple.com/kb/HT4723

DSA-2162

MDVSA-2011:028

http://www.openssl.org/news/secadv_20110208.txt

Patch, Vendor Advisory

RHSA-2011:0677

46264

1025050

USN-1064-1

ADV-2011-0361

Vendor Advisory

ADV-2011-0387

Vendor Advisory

ADV-2011-0389

Vendor Advisory

ADV-2011-0395

Vendor Advisory

ADV-2011-0399

Vendor Advisory

ADV-2011-0603

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

oval:org.mitre.oval:def:18985

https://support.f5.com/csp/article/K10534046

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.