Unrated severityNVD Advisory· Published Sep 22, 2011· Updated Apr 29, 2026

CVE-2011-3210

Description

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.

Affected products

OpenSSL Project/OpenSSL30 versions
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
osv-coords26 versions
pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
< 4.8.6-7.3+ 25 more
- (no CPE)range: < 4.8.6-7.3
- (no CPE)range: < 4.8.6-7.3
- (no CPE)range: < 4.8.6-7.3
- (no CPE)range: < 4.8.6-7.3
- (no CPE)range: < 4.8.6-7.3
- (no CPE)range: < 4.8.6-7.3
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1
- (no CPE)range: < 4.8.6-7.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cvs.openssl.org/chngviewnvdPatch
openssl.org/news/secadv_20110906.txtnvdVendor Advisory
lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlnvd
marc.infonvd
marc.infonvd
secunia.com/advisories/57353nvd
support.apple.com/kb/HT5784nvd
www-01.ibm.com/support/docview.wssnvd
www.mandriva.com/security/advisoriesnvd
www.securitytracker.com/idnvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000