Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2012-2146

HistoryAug 26, 2012 - 9:55 p.m.

CVE-2012-2146

2012-08-2621:55:01

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.002

Percentile

60.8%

JSON

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.

OSVersionArchitecturePackageVersionFilename
Debian10allelixir< 0.7.1-4elixir_0.7.1-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	elixir	< 0.7.1-4	elixir_0.7.1-4_all.deb

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.002

Percentile

60.8%

JSON

Related for DEBIANCVE:CVE-2012-2146