CVE-2011-4576

N/A Unknown

Published: January 06, 2012 Modified: April 29, 2026

Description

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=132750648501816&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=133951357207000&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=134039053214295&w=2

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-1306.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-1307.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-1308.html

Source: secalert@redhat.com

http://secunia.com/advisories/48528

Source: secalert@redhat.com

http://secunia.com/advisories/55069

Source: secalert@redhat.com

http://secunia.com/advisories/57353

Source: secalert@redhat.com

http://support.apple.com/kb/HT5784

Source: secalert@redhat.com

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

Source: secalert@redhat.com

http://www.debian.org/security/2012/dsa-2390

Source: secalert@redhat.com

http://www.kb.cert.org/vuls/id/737740

Source: secalert@redhat.com

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2012:006

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2012:007

Source: secalert@redhat.com

http://www.openssl.org/news/secadv_20120104.txt

Source: secalert@redhat.com

Vendor Advisory

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

Source: af854a3a-2127-422b-91ae-364da2661108

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=132750648501816&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=133951357207000&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=134039053214295&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-1306.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-1307.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-1308.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/48528

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/55069

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57353

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT5784

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2012/dsa-2390

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/737740

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2012:006

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2012:007

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openssl.org/news/secadv_20120104.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

44 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

14.5%

96th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-310

Affected Vendors

openssl

Related CVEs

CVE-2026-9677 N/A

CVE-2026-13245 6.1

CVE-2026-12404 5.3

CVE-2026-10820 N/A

CVE-2026-12415 9.8