Vulnerability Details : CVE-2011-4109
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Vulnerability category: Memory Corruption
Products affected by CVE-2011-4109
- cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4109
3.93%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-4109
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2011-4109
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4109
-
http://rhn.redhat.com/errata/RHSA-2012-1307.html
RHSA-2012:1307 - Security Advisory - Red Hat Customer Portal
-
http://support.apple.com/kb/HT5784
About the security content of OS X Mountain Lion v10.8.4 and Security Update 2013-002 - Apple Support
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
mandriva.com
-
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
-
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
[security-announce] SUSE-SU-2012:0084-1: important: Security update for
-
http://marc.info/?l=bugtraq&m=134039053214295&w=2
'[security bulletin] HPSBOV02793 SSRT100891 rev.1 - HP OpenVMS running SSL, Remote Denial of Service' - MARC
-
http://www.kb.cert.org/vuls/id/737740
VU#737740 - Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSLUS Government Resource
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
mandriva.com
-
http://rhn.redhat.com/errata/RHSA-2012-1308.html
RHSA-2012:1308 - Security Advisory - Red Hat Customer Portal
-
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Apple - Lists.apple.com
-
http://www.debian.org/security/2012/dsa-2390
Debian -- Security Information -- DSA-2390-1 openssl
-
http://www.openssl.org/news/secadv_20120104.txt
Vendor Advisory
-
http://marc.info/?l=bugtraq&m=132750648501816&w=2
'[security bulletin] HPSBUX02734 SSRT100729 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (' - MARC
-
http://rhn.redhat.com/errata/RHSA-2012-1306.html
RHSA-2012:1306 - Security Advisory - Red Hat Customer Portal
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/72129
OpenSSL policy checks denial of service CVE-2011-4109 Vulnerability Report
Jump to