Description

crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.

Remediation

References

CVE-2011-3207

Related Vulnerabilities

MySQL CVE-2020-14633 Vulnerability (CVE-2020-14633)

WordPress Plugin Pinterest Automatic Pin Security Bypass (4.14.3)

WordPress Plugin WL Katalogsok PHP Object Injection (3.5.4)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7341)

WordPress Plugin WP VR-360 Panorama and Virtual Tour Builder For WordPress Cross-Site Scripting (8.2.6)

Severity

Medium

Classification

CVE-2011-3207 CWE-264

Tags

Missing Update Known Vulnerabilities