Search for vulnerabilities
Vulnerability details: VCID-m9qa-4nzy-aaaf
Vulnerability ID VCID-m9qa-4nzy-aaaf
Aliases CVE-2011-0014
VC-OPENSSL-20110208-CVE-2011-0014
Summary A buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions in ClientHello TLS handshake messages. A remote attacker could possibly use this flaw to crash an SSL server using the affected OpenSSL functionality.
Status Published
Exploitability 0.5
Weighted Severity 7.1
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
rhas Moderate https://access.redhat.com/errata/RHSA-2011:0677
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.01671 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.02072 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.02072 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.02072 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.02072 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.02072 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.02072 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.02072 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.03316 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.09288 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.09288 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.09288 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.09288 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.10337 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.10337 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.10337 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.10337 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.10337 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.10337 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.10337 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.10337 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.10337 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
epss 0.10337 https://api.first.org/data/v1/epss?cve=CVE-2011-0014
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=676063
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2011-0014
Reference id Reference type URL
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://marc.info/?l=bugtraq&m=130497251507577&w=2
http://marc.info/?l=bugtraq&m=131042179515633&w=2
http://osvdb.org/70847
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0014.json
https://api.first.org/data/v1/epss?cve=CVE-2011-0014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014
http://secunia.com/advisories/43227
http://secunia.com/advisories/43286
http://secunia.com/advisories/43301
http://secunia.com/advisories/43339
http://secunia.com/advisories/44269
http://secunia.com/advisories/57353
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985
https://support.f5.com/csp/article/K10534046
http://support.apple.com/kb/HT4723
https://www.openssl.org/news/secadv/20110208.txt
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.debian.org/security/2011/dsa-2162
http://www.mandriva.com/security/advisories?name=MDVSA-2011:028
http://www.openssl.org/news/secadv_20110208.txt
http://www.redhat.com/support/errata/RHSA-2011-0677.html
http://www.securityfocus.com/bid/46264
http://www.securitytracker.com/id?1025050
http://www.ubuntu.com/usn/USN-1064-1
http://www.vupen.com/english/advisories/2011/0361
http://www.vupen.com/english/advisories/2011/0387
http://www.vupen.com/english/advisories/2011/0389
http://www.vupen.com/english/advisories/2011/0395
http://www.vupen.com/english/advisories/2011/0399
http://www.vupen.com/english/advisories/2011/0603
676063 https://bugzilla.redhat.com/show_bug.cgi?id=676063
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
CVE-2011-0014 https://nvd.nist.gov/vuln/detail/CVE-2011-0014
GLSA-201110-01 https://security.gentoo.org/glsa/201110-01
RHSA-2011:0677 https://access.redhat.com/errata/RHSA-2011:0677
USN-1064-1 https://usn.ubuntu.com/1064-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0014
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.80439
EPSS Score 0.01671
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.