Home > Vulnerability Database > CVE-2011-4354

Mend.io Vulnerability Database

CVE-2011-4354

Good to know:

Date: January 26, 2012

crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.

Language: C

Severity Score

4.8

Related Resources (11)

Url: http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip

Url: http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c&v1=1.14&v2=1.21

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-4354

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4354

Url: http://openwall.com/lists/oss-security/2011/12/01/6

Url: http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest

Url: http://marc.info/?t=119271238800004

Url: http://eprint.iacr.org/2011/633

Url: http://www.debian.org/security/2012/dsa-2390

Url: https://bugzilla.redhat.com/show_bug.cgi?id=757909

Url: https://www.mend.io/vulnerability-database/CVE-2011-4354

Severity Score

4.8

Weakness Type (CWE)

Cryptographic Issues

CWE-310

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-4354

Good to know:

Date: January 26, 2012

Language: C

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?