CVE-2011-3365
KDE SC 4.6.0-4.7.1 - Certificate Common Name Spoofing via Rich Text Rendering
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
References (5)
Patch (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=743054
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2011-1385.html
Vendor Advisory (x_refsource_confirm): http://www.kde.org/info/security/advisory-20111003-1.txt
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2011:162
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2011-1364.html
Scores
EPSS: 0.0023
EPSS Percentile: 46.2%
Details
CWE: CWE-20
Status: published
Products (8)
kde/kde_sc 4.6.0
kde/kde_sc 4.6.1
kde/kde_sc 4.6.2
kde/kde_sc 4.6.3
kde/kde_sc 4.6.4
kde/kde_sc 4.6.5
kde/kde_sc 4.7.0
kde/kde_sc 4.7.1
Published: Nov 29, 2011
Tracked Since: Feb 18, 2026