Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2011-4576
Deferred
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-06 Jan, 2012 | 01:55
Updated At-11 Apr, 2025 | 00:51

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
OpenSSL
openssl
>>openssl>>Versions up to 0.9.8r(inclusive)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.1c
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.2b
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.4
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.5
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.5a
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6a
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6b
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6c
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6d
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6e
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6f
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6g
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6h
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6h
cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6i
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6j
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6k
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6l
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6m
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7a
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7b
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7c
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7d
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7e
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7f
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7g
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7h
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7i
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7j
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7k
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7l
cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7m
cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8a
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8b
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8c
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8d
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8e
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8f
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8g
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8h
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8i
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8j
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8k
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8l
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8m
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8n
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-310Primarynvd@nist.gov
CWE ID: CWE-310
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.ascsecalert@redhat.com
N/A
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041secalert@redhat.com
N/A
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041secalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.htmlsecalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=132750648501816&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=132750648501816&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=133951357207000&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=133951357207000&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=134039053214295&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=134039053214295&w=2secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/48528secalert@redhat.com
N/A
http://secunia.com/advisories/55069secalert@redhat.com
N/A
http://secunia.com/advisories/57353secalert@redhat.com
N/A
http://support.apple.com/kb/HT5784secalert@redhat.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564secalert@redhat.com
N/A
http://www.debian.org/security/2012/dsa-2390secalert@redhat.com
N/A
http://www.kb.cert.org/vuls/id/737740secalert@redhat.com
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007secalert@redhat.com
N/A
http://www.openssl.org/news/secadv_20120104.txtsecalert@redhat.com
Vendor Advisory
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.ascaf854a3a-2127-422b-91ae-364da2661108
N/A
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041af854a3a-2127-422b-91ae-364da2661108
N/A
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=132750648501816&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=132750648501816&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133951357207000&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133951357207000&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=134039053214295&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=134039053214295&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48528af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/55069af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/57353af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT5784af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2012/dsa-2390af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/737740af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openssl.org/news/secadv_20120104.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=132750648501816&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=132750648501816&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1306.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1307.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1308.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48528
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/55069
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/57353
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5784
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2390
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/737740
Source: secalert@redhat.com
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openssl.org/news/secadv_20120104.txt
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=132750648501816&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=132750648501816&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1306.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1307.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1308.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48528
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/55069
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/57353
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5784
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2390
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/737740
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openssl.org/news/secadv_20120104.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Change History
0Changes found
Details not found