5

CVE-2011-0014

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.8h
OpenSSLOpenSSL Version0.9.8i
OpenSSLOpenSSL Version0.9.8j
OpenSSLOpenSSL Version0.9.8k
OpenSSLOpenSSL Version0.9.8l
OpenSSLOpenSSL Version0.9.8m
OpenSSLOpenSSL Version0.9.8n
OpenSSLOpenSSL Version0.9.8o
OpenSSLOpenSSL Version0.9.8p
OpenSSLOpenSSL Version0.9.8q
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0 Updatebeta1
OpenSSLOpenSSL Version1.0.0 Updatebeta2
OpenSSLOpenSSL Version1.0.0 Updatebeta3
OpenSSLOpenSSL Version1.0.0 Updatebeta4
OpenSSLOpenSSL Version1.0.0 Updatebeta5
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.85% 0.95
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://support.apple.com/kb/HT4723
http://secunia.com/advisories/57353
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://marc.info/?l=bugtraq&m=130497251507577&w=2
http://secunia.com/advisories/44269
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html
http://marc.info/?l=bugtraq&m=131042179515633&w=2
http://osvdb.org/70847
http://secunia.com/advisories/43227
Vendor Advisory
http://secunia.com/advisories/43286
Vendor Advisory
http://secunia.com/advisories/43301
Vendor Advisory
http://secunia.com/advisories/43339
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823
http://www.debian.org/security/2011/dsa-2162
http://www.mandriva.com/security/advisories?name=MDVSA-2011:028
http://www.openssl.org/news/secadv_20110208.txt
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0677.html
http://www.securityfocus.com/bid/46264
http://www.securitytracker.com/id?1025050
http://www.ubuntu.com/usn/USN-1064-1
http://www.vupen.com/english/advisories/2011/0361
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0387
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0389
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0395
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0399
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0603
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985
https://support.f5.com/csp/article/K10534046