Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-0014

Опубликовано: 08 фев. 2011
Источник: redhat
CVSS2: 4
EPSS Низкий

Описание

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

Отчет

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, and 5. It was addressed in Red Hat Enterprise Linux 6 via RHSA-2011:0677.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4opensslNot affected
Red Hat Enterprise Linux 5opensslNot affected
Red Hat Enterprise Linux 6opensslFixedRHSA-2011:067719.05.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=676063openssl: OCSP stapling vulnerability

EPSS

Процентиль: 81%
0.01671
Низкий

4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-0014

ubuntu
больше 14 лет назад

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

nvd логотип

CVE-2011-0014

nvd
больше 14 лет назад

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

debian логотип

CVE-2011-0014

debian
больше 14 лет назад

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c ...

github логотип

GHSA-w2hr-4cx4-4hmj

github
около 3 лет назад

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

oracle-oval логотип

ELSA-2011-0677

oracle-oval
около 14 лет назад

ELSA-2011-0677: openssl security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 81%
0.01671
Низкий

4 Medium

CVSS2