CVE-2011-4354

Description

crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.

How to fix CVE-2011-4354

To remediate CVE-2011-4354, upgrade the affected package to a fixed version below.

• Debian/openssl—upgrade to 0.9.8o-4squeeze3 or later

Is CVE-2011-4354 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.9.8o-4squeeze3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-4354