CVE-2011-4108
Description
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
Risk Information
Base Score
3.7
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
1.251
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-0027,CVE-2011-4619,CVE-2011-4577,CVE-2011-4576,CVE-2011-4108 are fixed in OpenSSL (x64) 1.0.0f | Windows |
| Multiple vulnerabilities fixed in OpenSSL (x64) 0.9.8s | Windows |
| openssl security update(DSA-3500-1) openssl_1.0.1e-2+deb7u20_i386.deb | Linux |
| CVE-2011-4108 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234