CVE-2011-4576
OpenSSL < 0.9.8s and 1.x < 1.0.0f - Information Disclosure via SSL 3.0 Block Cipher Padding
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
References (22)
Core References
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1308.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1307.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48528
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20120104.txt
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5784
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/737740
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=132750648501816&w=2
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1306.html
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=134039053214295&w=2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57353
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=133951357207000&w=2
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2390
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55069
Various Sources x_refsource_confirm
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
Scores
EPSS: 0.0105
EPSS Percentile: 77.8%
Details
CWE: CWE-310
Status: published
Products (49)
openssl/openssl 0.9.1c
openssl/openssl 0.9.2b
openssl/openssl 0.9.4
openssl/openssl 0.9.5
openssl/openssl 0.9.5a
openssl/openssl 0.9.6
openssl/openssl 0.9.6a
openssl/openssl 0.9.6b
openssl/openssl 0.9.6c
openssl/openssl 0.9.6d
... and 39 more
Published: Jan 06, 2012
Tracked Since: Feb 18, 2026