The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:NApple Mac Os X
OSApple≤ 10.10.1Fedora Project Fedora
OSFedoraproject192021IBM Aix
OSIbm5.36.17.1IBM Vios
APPIbm2.2.0.102.2.0.112.2.0.122.2.0.132.2.1.02.2.1.12.2.1.32.2.1.42.2.1.52.2.1.62.2.1.72.2.1.82.2.1.9Mageia
OSMageia3.04.0Novell SUSE Linux Enterprise Desktop
OSNovell10.011.012.09.0Novell SUSE Linux Enterprise Server
OSNovell11.012.0Novell SUSE Linux Enterprise Software Development Kit
APPNovell11.012.0OpenSSL
APPOpenssl0.9.80.9.8a0.9.8b0.9.8c0.9.8d0.9.8e0.9.8f0.9.8g0.9.8h0.9.8i0.9.8j0.9.8k0.9.8l0.9.8m0.9.8n+ 39 więcejOpensuse
OSOpensuse12.313.1Red Hat Enterprise Linux
OSRedhat5Red Hat Enterprise Linux Desktop
OSRedhat6.07.0Red Hat Enterprise Linux Desktop Supplementary
OSRedhat5.06.0Red Hat Enterprise Linux Server
OSRedhat6.07.0Red Hat Enterprise Linux Server Supplementary
OSRedhat5.06.07.0Red Hat Enterprise Linux Workstation
OSRedhat6.07.0Red Hat Enterprise Linux Workstation Supplementary
OSRedhat6.07.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
References
Related vulnerabilities
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox