CVE-2011-4576
EPSS 1.0%
Description
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
How to fix CVE-2011-4576
To remediate CVE-2011-4576, upgrade the affected package to a fixed version below.
- Debian/openssl—upgrade to 1.0.0f-1 or later
Is CVE-2011-4576 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.0.0f-1