CVE-2011-4108 in OpenSSLinfo

Summary

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

10/18/2011

Disclosure

01/05/2012

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
4514	OpenSSL DTLS CBC Encryption cryptographic issue	310	Not defined	Official fix	CVE-2011-4108

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!