CVE-2011-0014

Summary

CVE	CVE-2011-0014
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2011-02-19 01:00:00 UTC
Updated	2017-09-19 01:31:00 UTC
Description	ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

Risk And Classification

Problem Types: CWE-399

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openssl	Openssl	0.9.8h	All	All	All
Application	Openssl	Openssl	0.9.8i	All	All	All
Application	Openssl	Openssl	0.9.8j	All	All	All
Application	Openssl	Openssl	0.9.8k	All	All	All
Application	Openssl	Openssl	0.9.8l	All	All	All
Application	Openssl	Openssl	0.9.8m	All	All	All
Application	Openssl	Openssl	0.9.8n	All	All	All
Application	Openssl	Openssl	0.9.8o	All	All	All
Application	Openssl	Openssl	0.9.8p	All	All	All
Application	Openssl	Openssl	0.9.8q	All	All	All
Application	Openssl	Openssl	1.0.0	All	All	All
Application	Openssl	Openssl	1.0.0	beta1	All	All
Application	Openssl	Openssl	1.0.0	beta2	All	All
Application	Openssl	Openssl	1.0.0	beta3	All	All
Application	Openssl	Openssl	1.0.0	beta4	All	All
Application	Openssl	Openssl	1.0.0	beta5	All	All
Application	Openssl	Openssl	1.0.0a	All	All	All
Application	Openssl	Openssl	1.0.0b	All	All	All
Application	Openssl	Openssl	1.0.0c	All	All	All
Application	Openssl	Openssl	0.9.8h	All	All	All
Application	Openssl	Openssl	0.9.8i	All	All	All
Application	Openssl	Openssl	0.9.8j	All	All	All
Application	Openssl	Openssl	0.9.8k	All	All	All
Application	Openssl	Openssl	0.9.8l	All	All	All
Application	Openssl	Openssl	0.9.8m	All	All	All
Application	Openssl	Openssl	0.9.8n	All	All	All
Application	Openssl	Openssl	0.9.8o	All	All	All
Application	Openssl	Openssl	0.9.8p	All	All	All
Application	Openssl	Openssl	0.9.8q	All	All	All
Application	Openssl	Openssl	1.0.0	All	All	All
Application	Openssl	Openssl	1.0.0	beta1	All	All
Application	Openssl	Openssl	1.0.0	beta2	All	All
Application	Openssl	Openssl	1.0.0	beta3	All	All
Application	Openssl	Openssl	1.0.0	beta4	All	All
Application	Openssl	Openssl	1.0.0	beta5	All	All
Application	Openssl	Openssl	1.0.0a	All	All	All
Application	Openssl	Openssl	1.0.0b	All	All	All
Application	Openssl	Openssl	1.0.0c	All	All	All

References

Reference	Source	Link	Tags
Security Advisory SA57353 - IBM Storage System DS8870 OpenSSL Multiple Vulnerabilities - Secunia	SECUNIA	secunia.com
APPLE-SA-2011-06-23-1 Mac OS X v10.6.8 and Security Update 2011-004	APPLE	lists.apple.com
IBM Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities. - United States	CONFIRM	www-01.ibm.com
HPSBMA02658	HP	h20000.www2.hp.com
HP Insight Control for Linux Multiple Vulnerabilities - Secunia.com	SECUNIA	secunia.com
OpenSSL ClientHello Handshake Message Parsing Vulnerability - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
70847	OSVDB	osvdb.org
OpenSSL ClientHello Parsing Flaw Lets Remote Users Deny Service - SecurityTracker	SECTRACK	www.securitytracker.com
Support	REDHAT	www.redhat.com
[SECURITY] Fedora 14 Update: openssl-1.0.0d-1.fc14	FEDORA	lists.fedoraproject.org
USN-1064-1: OpenSSL vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
www.openssl.org/news/secadv_20110208.txt	CONFIRM	www.openssl.org	Patch, Vendor Advisory
Repository / Oval Repository	OVAL	oval.cisecurity.org
Slackware update for openssl - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
support.f5.com/csp/article/K10534046	CONFIRM	support.f5.com
The Slackware Linux Project: Slackware Security Advisories	SLACKWARE	slackware.com
Fedora update for openssl - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
NetBSD-SA2011-002	NETBSD	ftp.netbsd.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
Debian update for openssl - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
About the security content of Mac OS X v10.6.8 and Security Update 2011-004 - Apple Support	CONFIRM	support.apple.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
Security Advisories \| Mandriva Linux	MANDRIVA	www.mandriva.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
Debian -- Security Information -- DSA-2162-1 openssl	DEBIAN	www.debian.org
OpenSSL OCSP Stapling 'ClientHello' Handshake Message Parsing Security Vulnerability	BID	www.securityfocus.com
'[security bulletin] HPSBUX02689 SSRT100494 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (' - MARC	HP	marc.info
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
[security-announce] SUSE Security Summary Report: SUSE-SR:2011:005	SUSE	lists.opensuse.org
'[security bulletin] HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service' - MARC	HP	marc.info
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)