CVE-2011-4109
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
06/01/2012
Last modified:
11/04/2025
Description
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
- http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://rhn.redhat.com/errata/RHSA-2012-1306.html
- http://rhn.redhat.com/errata/RHSA-2012-1307.html
- http://rhn.redhat.com/errata/RHSA-2012-1308.html
- http://secunia.com/advisories/48528
- http://support.apple.com/kb/HT5784
- http://www.debian.org/security/2012/dsa-2390
- http://www.kb.cert.org/vuls/id/737740
- http://www.mandriva.com/security/advisories?name=MDVSA-2012%3A006
- http://www.mandriva.com/security/advisories?name=MDVSA-2012%3A007
- http://www.openssl.org/news/secadv_20120104.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72129
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
- http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://rhn.redhat.com/errata/RHSA-2012-1306.html
- http://rhn.redhat.com/errata/RHSA-2012-1307.html
- http://rhn.redhat.com/errata/RHSA-2012-1308.html
- http://secunia.com/advisories/48528
- http://support.apple.com/kb/HT5784
- http://www.debian.org/security/2012/dsa-2390
- http://www.kb.cert.org/vuls/id/737740
- http://www.mandriva.com/security/advisories?name=MDVSA-2012%3A006
- http://www.mandriva.com/security/advisories?name=MDVSA-2012%3A007
- http://www.openssl.org/news/secadv_20120104.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72129