CVE-2011-4577

OpenSSL < 0.9.8s and 1.x < 1.0.0f - Denial of Service via RFC 3779 Certificate Extension Handling

Title source: llm
STIX 2.1

Description

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.

References (12)

Core 12
Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20120104.txt
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5784
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/737740
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=132750648501816&w=2
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134039053214295&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57353

Scores

EPSS 0.0279
EPSS Percentile 86.3%

Details

CWE
CWE-399
Status published
Products (49)
openssl/openssl 0.9.1c
openssl/openssl 0.9.2b
openssl/openssl 0.9.4
openssl/openssl 0.9.5
openssl/openssl 0.9.5a
openssl/openssl 0.9.6
openssl/openssl 0.9.6a
openssl/openssl 0.9.6b
openssl/openssl 0.9.6c
openssl/openssl 0.9.6d
... and 39 more
Published Jan 06, 2012
Tracked Since Feb 18, 2026