CVE-2011-3365

kdelibs: input validation failure in KSSL

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

La API KDE SSL Wrapper (KSSL) en KDE SC v4.6.0 hasta 4.7.1 y posiblemente versiones anteriores, no utiilizan una fuente concreta cuando renderizan los campos de certificado en un diálogo de seguridad, lo que permite a atacantes remotos falsificar el nombre común (CN) de un certificado a través de un texto enriquecido.

This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-08-30 CVE Reserved
2011-11-29 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=743054	2011-10-19

URL	Date	SRC
http://www.kde.org/info/security/advisory-20111003-1.txt	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2011:162	2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-1364.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-1385.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2011-3365	2011-10-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6.0 Search vendor "Kde" for product "Kde Sc" and version "4.6.0"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6.1 Search vendor "Kde" for product "Kde Sc" and version "4.6.1"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6.2 Search vendor "Kde" for product "Kde Sc" and version "4.6.2"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6.3 Search vendor "Kde" for product "Kde Sc" and version "4.6.3"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6.4 Search vendor "Kde" for product "Kde Sc" and version "4.6.4"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6.5 Search vendor "Kde" for product "Kde Sc" and version "4.6.5"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.7.0 Search vendor "Kde" for product "Kde Sc" and version "4.7.0"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.7.1 Search vendor "Kde" for product "Kde Sc" and version "4.7.1"		-		Affected