CVE-2011-1945

N/A Unknown
Published: May 31, 2011 Modified: April 29, 2026
View on NVD

Description

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://eprint.iacr.org/2011/232.pdf
Source: secalert@redhat.com
Exploit
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Source: secalert@redhat.com
http://secunia.com/advisories/44935
Source: secalert@redhat.com
http://support.apple.com/kb/HT5784
Source: secalert@redhat.com
http://www.debian.org/security/2011/dsa-2309
Source: secalert@redhat.com
http://www.kb.cert.org/vuls/id/536044
Source: secalert@redhat.com
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8FENZ3
Source: secalert@redhat.com
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:136
Source: secalert@redhat.com
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
Source: secalert@redhat.com
https://hermes.opensuse.org/messages/8760466
Source: secalert@redhat.com
https://hermes.opensuse.org/messages/8764170
Source: secalert@redhat.com
http://eprint.iacr.org/2011/232.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/44935
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.apple.com/kb/HT5784
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2011/dsa-2309
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/536044
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8FENZ3
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:136
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
Source: af854a3a-2127-422b-91ae-364da2661108
https://hermes.opensuse.org/messages/8760466
Source: af854a3a-2127-422b-91ae-364da2661108
https://hermes.opensuse.org/messages/8764170
Source: af854a3a-2127-422b-91ae-364da2661108

22 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
3.4%
87th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-310

Affected Vendors

openssl

Related CVEs

CVE-2026-9699 6.8
CVE-2026-57667 8.5
CVE-2026-57665 5.3
CVE-2026-57664 4.3
CVE-2026-57663 8.5