CVE-2011-4354
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.
crypto/bn/bn_nist.c en OpenSSL anterior a v0.9.8h en plataformas de 32 bits, como se utiliza en stunnel y otros productos, en determinadas circunstancias, la participación ECDH o suites ECDHE cifrado, utiliza un algoritmo de reducción incorrecta modular en la aplicación de la P-256 y P 384-NIST elíptica curvas, lo que permite a atacantes remotos obtener la clave privada de un servidor de TLS a través de múltiples intentos de apretón de manos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-11-04 CVE Reserved
- 2012-01-16 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip | X_refsource_misc | |
| http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c&v1=1.14&v2=1.21 | X_refsource_confirm | |
| http://eprint.iacr.org/2011/633 | X_refsource_misc | |
| http://marc.info/?t=119271238800004 | X_refsource_confirm | |
| http://openwall.com/lists/oss-security/2011/12/01/6 | Mailing List | |
| http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest | X_refsource_confirm | |
| https://bugzilla.redhat.com/show_bug.cgi?id=757909 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2012/dsa-2390 | 2012-11-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | <= 0.9.8g Search vendor "Openssl" for product "Openssl" and version " <= 0.9.8g" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.1c Search vendor "Openssl" for product "Openssl" and version "0.9.1c" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.2b Search vendor "Openssl" for product "Openssl" and version "0.9.2b" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.3 Search vendor "Openssl" for product "Openssl" and version "0.9.3" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.3a Search vendor "Openssl" for product "Openssl" and version "0.9.3a" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.4 Search vendor "Openssl" for product "Openssl" and version "0.9.4" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.5 Search vendor "Openssl" for product "Openssl" and version "0.9.5" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.5 Search vendor "Openssl" for product "Openssl" and version "0.9.5" | beta1, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.5 Search vendor "Openssl" for product "Openssl" and version "0.9.5" | beta2, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.5a Search vendor "Openssl" for product "Openssl" and version "0.9.5a" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.5a Search vendor "Openssl" for product "Openssl" and version "0.9.5a" | beta1, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.5a Search vendor "Openssl" for product "Openssl" and version "0.9.5a" | beta2, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6 Search vendor "Openssl" for product "Openssl" and version "0.9.6" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6 Search vendor "Openssl" for product "Openssl" and version "0.9.6" | beta1, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6 Search vendor "Openssl" for product "Openssl" and version "0.9.6" | beta2, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6 Search vendor "Openssl" for product "Openssl" and version "0.9.6" | beta3, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6a Search vendor "Openssl" for product "Openssl" and version "0.9.6a" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6a Search vendor "Openssl" for product "Openssl" and version "0.9.6a" | beta1, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6a Search vendor "Openssl" for product "Openssl" and version "0.9.6a" | beta2, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6a Search vendor "Openssl" for product "Openssl" and version "0.9.6a" | beta3, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6b Search vendor "Openssl" for product "Openssl" and version "0.9.6b" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6c Search vendor "Openssl" for product "Openssl" and version "0.9.6c" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6d Search vendor "Openssl" for product "Openssl" and version "0.9.6d" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6e Search vendor "Openssl" for product "Openssl" and version "0.9.6e" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6f Search vendor "Openssl" for product "Openssl" and version "0.9.6f" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6g Search vendor "Openssl" for product "Openssl" and version "0.9.6g" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6h Search vendor "Openssl" for product "Openssl" and version "0.9.6h" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6i Search vendor "Openssl" for product "Openssl" and version "0.9.6i" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6j Search vendor "Openssl" for product "Openssl" and version "0.9.6j" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6k Search vendor "Openssl" for product "Openssl" and version "0.9.6k" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6l Search vendor "Openssl" for product "Openssl" and version "0.9.6l" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.6m Search vendor "Openssl" for product "Openssl" and version "0.9.6m" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta1, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta2, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta3, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta4, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta5, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta6, x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7a Search vendor "Openssl" for product "Openssl" and version "0.9.7a" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7b Search vendor "Openssl" for product "Openssl" and version "0.9.7b" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7c Search vendor "Openssl" for product "Openssl" and version "0.9.7c" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7d Search vendor "Openssl" for product "Openssl" and version "0.9.7d" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7e Search vendor "Openssl" for product "Openssl" and version "0.9.7e" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7f Search vendor "Openssl" for product "Openssl" and version "0.9.7f" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7g Search vendor "Openssl" for product "Openssl" and version "0.9.7g" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7h Search vendor "Openssl" for product "Openssl" and version "0.9.7h" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7i Search vendor "Openssl" for product "Openssl" and version "0.9.7i" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7j Search vendor "Openssl" for product "Openssl" and version "0.9.7j" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7k Search vendor "Openssl" for product "Openssl" and version "0.9.7k" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7l Search vendor "Openssl" for product "Openssl" and version "0.9.7l" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7m Search vendor "Openssl" for product "Openssl" and version "0.9.7m" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8 Search vendor "Openssl" for product "Openssl" and version "0.9.8" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8a Search vendor "Openssl" for product "Openssl" and version "0.9.8a" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8b Search vendor "Openssl" for product "Openssl" and version "0.9.8b" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8c Search vendor "Openssl" for product "Openssl" and version "0.9.8c" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8d Search vendor "Openssl" for product "Openssl" and version "0.9.8d" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8e Search vendor "Openssl" for product "Openssl" and version "0.9.8e" | x86 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8f Search vendor "Openssl" for product "Openssl" and version "0.9.8f" | x86 |
Affected
| ||||||