Описание
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.0.0g-1ubuntu1 |
| hardy | released | 0.9.8g-4ubuntu3.15 |
| lucid | released | 0.9.8k-7ubuntu8.8 |
| maverick | released | 0.9.8o-1ubuntu4.6 |
| natty | released | 0.9.8o-5ubuntu1.2 |
| oneiric | released | 1.0.0e-2ubuntu4.2 |
| upstream | released | 0.9.8s,1.0.0f |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 0.9.8o-7ubuntu3.1 |
| hardy | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | released | 0.9.8o-7ubuntu1.2 |
| upstream | released | 0.9.8s |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f ...
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
EPSS
4.3 Medium
CVSS2