CVE-2011-0014

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka OCSP stapling vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.8h (including)	0.9.8h (including)
Openssl	Openssl	0.9.8i (including)	0.9.8i (including)
Openssl	Openssl	0.9.8j (including)	0.9.8j (including)
Openssl	Openssl	0.9.8k (including)	0.9.8k (including)
Openssl	Openssl	0.9.8l (including)	0.9.8l (including)
Openssl	Openssl	0.9.8m (including)	0.9.8m (including)
Openssl	Openssl	0.9.8n (including)	0.9.8n (including)
Openssl	Openssl	0.9.8o (including)	0.9.8o (including)
Openssl	Openssl	0.9.8p (including)	0.9.8p (including)
Openssl	Openssl	0.9.8q (including)	0.9.8q (including)
Red Hat Enterprise Linux 6	RedHat	openssl-0:1.0.0-10.el6	*
Openssl	Ubuntu	lucid	*
Openssl	Ubuntu	maverick	*
Openssl	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0014
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References