CVE-2011-3210

EUVD-2011-3174
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
opensslopenssl
0.9.8
opensslopenssl
0.9.8a:a
opensslopenssl
0.9.8b:b
opensslopenssl
0.9.8c:c
opensslopenssl
0.9.8d:d
opensslopenssl
0.9.8e:e
opensslopenssl
0.9.8f:f
opensslopenssl
0.9.8g:g
opensslopenssl
0.9.8h:h
opensslopenssl
0.9.8i:i
opensslopenssl
0.9.8j:j
opensslopenssl
0.9.8k:k
opensslopenssl
0.9.8l:l
opensslopenssl
0.9.8m:m
opensslopenssl
0.9.8n:n
opensslopenssl
0.9.8o:o
opensslopenssl
0.9.8p:p
opensslopenssl
0.9.8q:q
opensslopenssl
0.9.8r:r
opensslopenssl
0.9.8s:s
opensslopenssl
1.0.0
opensslopenssl
1.0.0:beta1
opensslopenssl
1.0.0:beta2
opensslopenssl
1.0.0:beta3
opensslopenssl
1.0.0:beta4
opensslopenssl
1.0.0:beta5
opensslopenssl
1.0.0a:a
opensslopenssl
1.0.0b:b
opensslopenssl
1.0.0c:c
opensslopenssl
1.0.0d:d
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssl
bookworm
3.0.14-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
bullseye
1.1.1w-0+deb11u1
fixed
bullseye (security)
1.1.1w-0+deb11u2
fixed
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssl
hardy
Fixed 0.9.8g-4ubuntu3.15
released
lucid
Fixed 0.9.8k-7ubuntu8.8
released
maverick
Fixed 0.9.8o-1ubuntu4.6
released
natty
Fixed 0.9.8o-5ubuntu1.2
released
oneiric
not-affected
Common Weakness Enumeration
References
http://cvs.openssl.org/chngview?cn=21337
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://marc.info/?l=bugtraq&m=132750648501816&w=2
http://marc.info/?l=bugtraq&m=133226187115472&w=2
http://openssl.org/news/secadv_20110906.txt
http://secunia.com/advisories/57353
http://support.apple.com/kb/HT5784
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
http://www.securitytracker.com/id?1026012
https://bugzilla.redhat.com/show_bug.cgi?id=736079
http://cvs.openssl.org/chngview?cn=21337
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://marc.info/?l=bugtraq&m=132750648501816&w=2
http://marc.info/?l=bugtraq&m=133226187115472&w=2
http://openssl.org/news/secadv_20110906.txt
http://secunia.com/advisories/57353
http://support.apple.com/kb/HT5784
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
http://www.securitytracker.com/id?1026012
https://bugzilla.redhat.com/show_bug.cgi?id=736079