Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2011-3207

crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.

  • Published: Sep 22, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-3207
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

Software From Fixed in
openssl / openssl 1.0.0c 1.0.0c.x
openssl / openssl 1.0.0-beta1 1.0.0-beta1.x
openssl / openssl 1.0.0-beta2 1.0.0-beta2.x
openssl / openssl 1.0.0-beta3 1.0.0-beta3.x
openssl / openssl 1.0.0d 1.0.0d.x
openssl / openssl 1.0.0-beta4 1.0.0-beta4.x
openssl / openssl 1.0.0 1.0.0.x
openssl / openssl 1.0.0-beta5 1.0.0-beta5.x
openssl / openssl 1.0.0a 1.0.0a.x
openssl / openssl 1.0.0b 1.0.0b.x