CVE-2011-1923

Published Jun 20, 2012

Last updated 11 years ago

CVSS info 4.0

Overview

Description: The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 4.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59B6C69D-4016-48A8-97C7-2C1F44FFB2F6",
            "versionEndIncluding": "0.14.0"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21684D8F-C925-4BBE-A9E5-3799C84BDB13"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CE3EE93-6274-4996-A843-D2DF3249E06C"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3C08BCF-F438-4862-B93A-76282A4129D8"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA654207-3F1A-4737-AA1C-523DBD420D2A"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09D1B837-15DB-4A37-AF13-9FE6D894C084"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEA214D9-E535-4F68-9A23-504121748700"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References