CVE-2011-4108
EPSS 1.3%openssl - several
發布日:2012/1/6修改日:2026/4/28
描述
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
受影響套件(2)
- Debian/opensslfrom 0, < 1.0.0f-1
- Debian/opensslfrom 0, < 0.9.8g-15+lenny15