CVE-2011-0014

openssl: OCSP stapling vulnerability

  • Severity Score: 5.0 (CVSS v2)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

*Credits: N/A
CVSS Scores
  • Attack Vector: Network; Attack Complexity: Low; Authentication: None; Confidentiality: None; Integrity: None; Availability: Partial
  • Attack Vector: Network; Attack Complexity: High; Authentication: None; Confidentiality: Partial; Integrity: None; Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2010-12-07 CVE Reserved
  • 2011-02-08 CVE Published
  • 2023-03-09 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (34)
URL Date SRC
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc 2017-09-19
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 2017-09-19
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html 2017-09-19
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html 2017-09-19
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html 2017-09-19
http://marc.info/?l=bugtraq&m=130497251507577&w=2 2017-09-19
http://marc.info/?l=bugtraq&m=131042179515633&w=2 2017-09-19
http://secunia.com/advisories/43227 2017-09-19
http://secunia.com/advisories/43286 2017-09-19
http://secunia.com/advisories/43301 2017-09-19
http://secunia.com/advisories/43339 2017-09-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823 2017-09-19
http://www.debian.org/security/2011/dsa-2162 2017-09-19
http://www.mandriva.com/security/advisories?name=MDVSA-2011:028 2017-09-19
http://www.redhat.com/support/errata/RHSA-2011-0677.html 2017-09-19
http://www.ubuntu.com/usn/USN-1064-1 2017-09-19
http://www.vupen.com/english/advisories/2011/0361 2017-09-19
http://www.vupen.com/english/advisories/2011/0387 2017-09-19
http://www.vupen.com/english/advisories/2011/0389 2017-09-19
http://www.vupen.com/english/advisories/2011/0395 2017-09-19
http://www.vupen.com/english/advisories/2011/0399 2017-09-19
https://access.redhat.com/security/cve/CVE-2011-0014 2011-05-19
https://bugzilla.redhat.com/show_bug.cgi?id=676063 2011-05-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Openssl Openssl 0.9.8h - Affected
Openssl Openssl 0.9.8i - Affected
Openssl Openssl 0.9.8j - Affected
Openssl Openssl 0.9.8k - Affected
Openssl Openssl 0.9.8l - Affected
Openssl Openssl 0.9.8m - Affected
Openssl Openssl 0.9.8n - Affected
Openssl Openssl 0.9.8o - Affected
Openssl Openssl 0.9.8p - Affected
Openssl Openssl 0.9.8q - Affected
Openssl Openssl 1.0.0 - Affected
Openssl Openssl 1.0.0 beta1 Affected
Openssl Openssl 1.0.0 beta2 Affected
Openssl Openssl 1.0.0 beta3 Affected
Openssl Openssl 1.0.0 beta4 Affected
Openssl Openssl 1.0.0 beta5 Affected
Openssl Openssl 1.0.0a - Affected
Openssl Openssl 1.0.0b - Affected
Openssl Openssl 1.0.0c - Affected