CVE-2011-1945
openssl - compromised certificate authority
EPSS 4.8%
Description
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
How to fix CVE-2011-1945
To remediate CVE-2011-1945, upgrade the affected package to a fixed version below.
- Debian/openssl—upgrade to 1.0.0e-1 or later
- Debian/openssl—upgrade to 0.9.8g-15+lenny12 or later
Is CVE-2011-1945 being exploited?
Low — EPSS is 4.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.0.0e-1
- from 0, < 0.9.8g-15+lenny12