CVE-2011-4576
N/A
N/A
Summary
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://secunia.com/advisories/48528
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
- http://www.openssl.org/news/secadv_20120104.txt
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
- http://rhn.redhat.com/errata/RHSA-2012-1308.html
- http://rhn.redhat.com/errata/RHSA-2012-1307.html
- http://support.apple.com/kb/HT5784
- http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
- http://www.kb.cert.org/vuls/id/737740
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
- http://rhn.redhat.com/errata/RHSA-2012-1306.html
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://secunia.com/advisories/57353
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://marc.info/?l=bugtraq&m=133951357207000&w=2
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- http://www.debian.org/security/2012/dsa-2390
- http://secunia.com/advisories/55069
- http://marc.info/?l=bugtraq&m=133951357207000&w=2
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
References
- http://secunia.com/advisories/48528
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
- http://www.openssl.org/news/secadv_20120104.txt
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
- http://rhn.redhat.com/errata/RHSA-2012-1308.html
- http://rhn.redhat.com/errata/RHSA-2012-1307.html
- http://support.apple.com/kb/HT5784
- http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
- http://www.kb.cert.org/vuls/id/737740
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
- http://rhn.redhat.com/errata/RHSA-2012-1306.html
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://secunia.com/advisories/57353
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://marc.info/?l=bugtraq&m=133951357207000&w=2
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- http://www.debian.org/security/2012/dsa-2390
- http://secunia.com/advisories/55069
- http://marc.info/?l=bugtraq&m=133951357207000&w=2
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.