CVE-2011-4576
Description
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.802
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-0027,CVE-2011-4619,CVE-2011-4577,CVE-2011-4576,CVE-2011-4108 are fixed in OpenSSL (x64) 1.0.0f | Windows |
| Multiple vulnerabilities fixed in OpenSSL (x64) 0.9.8s | Windows |
| openssl security update(DSA-3500-1) openssl_1.0.1e-2+deb7u20_i386.deb | Linux |
| CVE-2011-4576 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234