The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
2012-01-06T01:55:00.783
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openssl | openssl | ≤ 0.9.8r | Yes |
| Application | openssl | openssl | 0.9.1c | Yes |
| Application | openssl | openssl | 0.9.2b | Yes |
| Application | openssl | openssl | 0.9.4 | Yes |
| Application | openssl | openssl | 0.9.5 | Yes |
| Application | openssl | openssl | 0.9.5a | Yes |
| Application | openssl | openssl | 0.9.6 | Yes |
| Application | openssl | openssl | 0.9.6a | Yes |
| Application | openssl | openssl | 0.9.6b | Yes |
| Application | openssl | openssl | 0.9.6c | Yes |
| Application | openssl | openssl | 0.9.6d | Yes |
| Application | openssl | openssl | 0.9.6e | Yes |
| Application | openssl | openssl | 0.9.6f | Yes |
| Application | openssl | openssl | 0.9.6g | Yes |
| Application | openssl | openssl | 0.9.6h | Yes |
| Application | openssl | openssl | 0.9.6h | Yes |
| Application | openssl | openssl | 0.9.6i | Yes |
| Application | openssl | openssl | 0.9.6j | Yes |
| Application | openssl | openssl | 0.9.6k | Yes |
| Application | openssl | openssl | 0.9.6l | Yes |
| Application | openssl | openssl | 0.9.6m | Yes |
| Application | openssl | openssl | 0.9.7 | Yes |
| Application | openssl | openssl | 0.9.7a | Yes |
| Application | openssl | openssl | 0.9.7b | Yes |
| Application | openssl | openssl | 0.9.7c | Yes |
| Application | openssl | openssl | 0.9.7d | Yes |
| Application | openssl | openssl | 0.9.7e | Yes |
| Application | openssl | openssl | 0.9.7f | Yes |
| Application | openssl | openssl | 0.9.7g | Yes |
| Application | openssl | openssl | 0.9.7h | Yes |
| Application | openssl | openssl | 0.9.7i | Yes |
| Application | openssl | openssl | 0.9.7j | Yes |
| Application | openssl | openssl | 0.9.7k | Yes |
| Application | openssl | openssl | 0.9.7l | Yes |
| Application | openssl | openssl | 0.9.7m | Yes |
| Application | openssl | openssl | 0.9.8 | Yes |
| Application | openssl | openssl | 0.9.8a | Yes |
| Application | openssl | openssl | 0.9.8b | Yes |
| Application | openssl | openssl | 0.9.8c | Yes |
| Application | openssl | openssl | 0.9.8d | Yes |
| Application | openssl | openssl | 0.9.8e | Yes |
| Application | openssl | openssl | 0.9.8f | Yes |
| Application | openssl | openssl | 0.9.8g | Yes |
| Application | openssl | openssl | 0.9.8h | Yes |
| Application | openssl | openssl | 0.9.8i | Yes |
| Application | openssl | openssl | 0.9.8j | Yes |
| Application | openssl | openssl | 0.9.8k | Yes |
| Application | openssl | openssl | 0.9.8l | Yes |
| Application | openssl | openssl | 0.9.8m | Yes |
| Application | openssl | openssl | 0.9.8n | Yes |
| Application | openssl | openssl | 0.9.8o | Yes |
| Application | openssl | openssl | 0.9.8p | Yes |
| Application | openssl | openssl | 0.9.8q | Yes |
| Application | openssl | openssl | ≤ 1.0.0e | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0a | Yes |
| Application | openssl | openssl | 1.0.0b | Yes |
| Application | openssl | openssl | 1.0.0c | Yes |
| Application | openssl | openssl | 1.0.0d | Yes |