Vulnerability Description
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenSSL | OpenSSL | 0.9.8h |
Related Weaknesses (CWE)
References
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.h
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://marc.info/?l=bugtraq&m=130497251507577&w=2
- http://marc.info/?l=bugtraq&m=131042179515633&w=2
- http://osvdb.org/70847
- http://secunia.com/advisories/43227 (Vendor Advisory)
- http://secunia.com/advisories/43286 (Vendor Advisory)
- http://secunia.com/advisories/43301 (Vendor Advisory)
- http://secunia.com/advisories/43339 (Vendor Advisory)
- http://secunia.com/advisories/44269
- http://secunia.com/advisories/57353
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware
FAQ
What is CVE-2011-0014?
CVE-2011-0014 is a vulnerability with a CVSS score of 5.0 (MEDIUM). ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use ...
How severe is CVE-2011-0014?
CVE-2011-0014 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0014?
Check the references section above for vendor advisories and patch information. Affected products include: OpenSSL (vendor OpenSSL).