CVE-2011-3210
OpenSSL 0.9.8-0.9.8r and 1.0.x < 1.0.0e - Denial of Service via Out-of-Order TLS Handshake Messages
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
References (11)
Core References
Various Sources (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
Mailing List (vendor-advisory, x_refsource_hp): http://marc.info/?l=bugtraq&m=133226187115472&w=2
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
Vendor Advisory (x_refsource_confirm): http://support.apple.com/kb/HT5784
Mailing List (vendor-advisory, x_refsource_apple): http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id?1026012
Mailing List (vendor-advisory, x_refsource_hp): http://marc.info/?l=bugtraq&m=132750648501816&w=2
Vendor Advisory (x_refsource_confirm): http://openssl.org/news/secadv_20110906.txt
Patch (x_refsource_confirm): http://cvs.openssl.org/chngview?cn=21337
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/57353
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=736079
Scores
EPSS: 0.0586
EPSS Percentile: 90.7%
Details
CWE: CWE-399
Status: published
Products (25)
openssl/openssl 0.9.8
openssl/openssl 0.9.8a
openssl/openssl 0.9.8b
openssl/openssl 0.9.8c
openssl/openssl 0.9.8d
openssl/openssl 0.9.8e
openssl/openssl 0.9.8f
openssl/openssl 0.9.8g
openssl/openssl 0.9.8h
openssl/openssl 0.9.8i
... and 15 more
Published: Sep 22, 2011
Tracked Since: Feb 18, 2026