Vulnerability details: VCID-fry5-vykr-aaac
Vulnerability ID VCID-fry5-vykr-aaac
Aliases CVE-2011-4109
VC-OPENSSL-20120104-CVE-2011-4109
Summary If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
System Score Found at
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0060
rhas Important https://access.redhat.com/errata/RHSA-2012:1306
rhas Important https://access.redhat.com/errata/RHSA-2012:1307
rhas Important https://access.redhat.com/errata/RHSA-2012:1308
epss 0.01732 https://api.first.org/data/v1/epss?cve=CVE-2011-4109
epss 0.03839 https://api.first.org/data/v1/epss?cve=CVE-2011-4109
epss 0.03931 https://api.first.org/data/v1/epss?cve=CVE-2011-4109
epss 0.05355 https://api.first.org/data/v1/epss?cve=CVE-2011-4109
epss 0.10769 https://api.first.org/data/v1/epss?cve=CVE-2011-4109
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=771771
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2011-4109
generic_textual MODERATE http://support.apple.com/kb/HT5784
Reference id Reference type URL
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
http://marc.info/?l=bugtraq&m=132750648501816&w=2
http://marc.info/?l=bugtraq&m=134039053214295&w=2
http://rhn.redhat.com/errata/RHSA-2012-1306.html
http://rhn.redhat.com/errata/RHSA-2012-1307.html
http://rhn.redhat.com/errata/RHSA-2012-1308.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4109.json
https://api.first.org/data/v1/epss?cve=CVE-2011-4109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
http://secunia.com/advisories/48528
https://exchange.xforce.ibmcloud.com/vulnerabilities/72129
http://support.apple.com/kb/HT5784
https://www.openssl.org/news/secadv/20120104.txt
http://www.debian.org/security/2012/dsa-2390
http://www.kb.cert.org/vuls/id/737740
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
http://www.openssl.org/news/secadv_20120104.txt
771771 https://bugzilla.redhat.com/show_bug.cgi?id=771771
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
CVE-2011-4109 https://nvd.nist.gov/vuln/detail/CVE-2011-4109
GLSA-201203-12 https://security.gentoo.org/glsa/201203-12
RHSA-2012:0060 https://access.redhat.com/errata/RHSA-2012:0060
RHSA-2012:1306 https://access.redhat.com/errata/RHSA-2012:1306
RHSA-2012:1307 https://access.redhat.com/errata/RHSA-2012:1307
RHSA-2012:1308 https://access.redhat.com/errata/RHSA-2012:1308
USN-1357-1 https://usn.ubuntu.com/1357-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-4109
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) complete
Integrity Impact (I) complete
Availability Impact (A) complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.80838
EPSS Score 0.01732
Published At April 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.