5

CVE-2011-4619

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8r
OpenSSLOpenSSL Version0.9.1c
OpenSSLOpenSSL Version0.9.2b
OpenSSLOpenSSL Version0.9.4
OpenSSLOpenSSL Version0.9.5
OpenSSLOpenSSL Version0.9.5a
OpenSSLOpenSSL Version0.9.6
OpenSSLOpenSSL Version0.9.6a
OpenSSLOpenSSL Version0.9.6b
OpenSSLOpenSSL Version0.9.6c
OpenSSLOpenSSL Version0.9.6d
OpenSSLOpenSSL Version0.9.6e
OpenSSLOpenSSL Version0.9.6f
OpenSSLOpenSSL Version0.9.6g
OpenSSLOpenSSL Version0.9.6h
OpenSSLOpenSSL Version0.9.6h Updatebogus
OpenSSLOpenSSL Version0.9.6i
OpenSSLOpenSSL Version0.9.6j
OpenSSLOpenSSL Version0.9.6k
OpenSSLOpenSSL Version0.9.6l
OpenSSLOpenSSL Version0.9.6m
OpenSSLOpenSSL Version0.9.7
OpenSSLOpenSSL Version0.9.7a
OpenSSLOpenSSL Version0.9.7b
OpenSSLOpenSSL Version0.9.7c
OpenSSLOpenSSL Version0.9.7d
OpenSSLOpenSSL Version0.9.7e
OpenSSLOpenSSL Version0.9.7f
OpenSSLOpenSSL Version0.9.7g
OpenSSLOpenSSL Version0.9.7h
OpenSSLOpenSSL Version0.9.7i
OpenSSLOpenSSL Version0.9.7j
OpenSSLOpenSSL Version0.9.7k
OpenSSLOpenSSL Version0.9.7l
OpenSSLOpenSSL Version0.9.7m
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
OpenSSLOpenSSL Version0.9.8c
OpenSSLOpenSSL Version0.9.8d
OpenSSLOpenSSL Version0.9.8e
OpenSSLOpenSSL Version0.9.8f
OpenSSLOpenSSL Version0.9.8g
OpenSSLOpenSSL Version0.9.8h
OpenSSLOpenSSL Version0.9.8i
OpenSSLOpenSSL Version0.9.8j
OpenSSLOpenSSL Version0.9.8k
OpenSSLOpenSSL Version0.9.8l
OpenSSLOpenSSL Version0.9.8m
OpenSSLOpenSSL Version0.9.8n
OpenSSLOpenSSL Version0.9.8o
OpenSSLOpenSSL Version0.9.8p
OpenSSLOpenSSL Version0.9.8q
OpenSSLOpenSSL Version <= 1.0.0e
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0 Updatebeta1
OpenSSLOpenSSL Version1.0.0 Updatebeta2
OpenSSLOpenSSL Version1.0.0 Updatebeta3
OpenSSLOpenSSL Version1.0.0 Updatebeta4
OpenSSLOpenSSL Version1.0.0 Updatebeta5
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.65% 0.966
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/57353
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.kb.cert.org/vuls/id/737740
US Government Resource
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://support.apple.com/kb/HT5784
http://marc.info/?l=bugtraq&m=133951357207000&w=2
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
http://marc.info/?l=bugtraq&m=132750648501816&w=2
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
http://marc.info/?l=bugtraq&m=134039053214295&w=2
http://rhn.redhat.com/errata/RHSA-2012-1306.html
http://rhn.redhat.com/errata/RHSA-2012-1307.html
http://rhn.redhat.com/errata/RHSA-2012-1308.html
http://secunia.com/advisories/48528
http://www.debian.org/security/2012/dsa-2390
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
http://www.openssl.org/news/secadv_20120104.txt
Vendor Advisory
http://marc.info/?l=bugtraq&m=133728068926468&w=2