Описание
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
Отчет
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 and 5, openssl096b as shipped with Red Hat Enterprise Linux 4, openssl097a as shipped with Red Hat Enterprise Linux 5, or openssl098e as shipped with Red Hat Enterprise Linux 6.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | openssl | Not affected | ||
| Red Hat Enterprise Linux 4 | openssl096b | Not affected | ||
| Red Hat Enterprise Linux 5 | openssl | Not affected | ||
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | ||
| Red Hat Enterprise Linux 6 | openssl098e | Not affected | ||
| Red Hat Enterprise Linux 6 | openssl | Fixed | RHSA-2011:1409 | 26.10.2011 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initial ...
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
EPSS
4.3 Medium
CVSS2