Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-0014

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

Published

2011-02-19T01:00:01.777

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openssl	openssl	0.9.8h	Yes
Application	openssl	openssl	0.9.8i	Yes
Application	openssl	openssl	0.9.8j	Yes
Application	openssl	openssl	0.9.8k	Yes
Application	openssl	openssl	0.9.8l	Yes
Application	openssl	openssl	0.9.8m	Yes
Application	openssl	openssl	0.9.8n	Yes
Application	openssl	openssl	0.9.8o	Yes
Application	openssl	openssl	0.9.8p	Yes
Application	openssl	openssl	0.9.8q	Yes
Application	openssl	openssl	1.0.0	Yes
Application	openssl	openssl	1.0.0	Yes
Application	openssl	openssl	1.0.0	Yes
Application	openssl	openssl	1.0.0	Yes
Application	openssl	openssl	1.0.0	Yes
Application	openssl	openssl	1.0.0	Yes
Application	openssl	openssl	1.0.0a	Yes
Application	openssl	openssl	1.0.0b	Yes
Application	openssl	openssl	1.0.0c	Yes

References

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 ([email protected])
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html ([email protected])
http://marc.info/?l=bugtraq&m=130497251507577&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=130497251507577&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=131042179515633&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=131042179515633&w=2 ([email protected])
http://osvdb.org/70847 ([email protected])
http://secunia.com/advisories/43227 Vendor Advisory ([email protected])
http://secunia.com/advisories/43286 Vendor Advisory ([email protected])
http://secunia.com/advisories/43301 Vendor Advisory ([email protected])
http://secunia.com/advisories/43339 Vendor Advisory ([email protected])
http://secunia.com/advisories/44269 ([email protected])
http://secunia.com/advisories/57353 ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823 ([email protected])
http://support.apple.com/kb/HT4723 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 ([email protected])
http://www.debian.org/security/2011/dsa-2162 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:028 ([email protected])
http://www.openssl.org/news/secadv_20110208.txt Patch, Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0677.html ([email protected])
http://www.securityfocus.com/bid/46264 ([email protected])
http://www.securitytracker.com/id?1025050 ([email protected])
http://www.ubuntu.com/usn/USN-1064-1 ([email protected])
http://www.vupen.com/english/advisories/2011/0361 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0387 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0389 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0395 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0399 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0603 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985 ([email protected])
https://support.f5.com/csp/article/K10534046 ([email protected])
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=130497251507577&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=130497251507577&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=131042179515633&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=131042179515633&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/70847 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43227 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43286 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43301 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43339 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/44269 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/57353 (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823 (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4723 (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2162 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:028 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openssl.org/news/secadv_20110208.txt Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0677.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/46264 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1025050 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1064-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0361 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0387 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0389 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0395 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0399 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0603 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985 (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K10534046 (af854a3a-2127-422b-91ae-364da2661108)