Lucene search

[email protected]NVD:CVE-2012-1165

HistoryMar 15, 2012 - 5:55 p.m.

CVE-2012-1165

2012-03-1517:55:00

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.2 High

AI Score

Confidence

High

0.143 Low

EPSS

Percentile

95.8%

JSON

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.

Affected configurations

NVD

Node

opensslopensslRange≤0.9.8t

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.3

opensslopensslMatch0.9.3a

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5beta1

opensslopensslMatch0.9.5beta2

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.5abeta1

opensslopensslMatch0.9.5abeta2

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6beta1

opensslopensslMatch0.9.6beta2

opensslopensslMatch0.9.6beta3

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6abeta1

opensslopensslMatch0.9.6abeta2

opensslopensslMatch0.9.6abeta3

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7beta1

opensslopensslMatch0.9.7beta2

opensslopensslMatch0.9.7beta3

opensslopensslMatch0.9.7beta4

opensslopensslMatch0.9.7beta5

opensslopensslMatch0.9.7beta6

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.7m

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

opensslopensslMatch0.9.8k

opensslopensslMatch0.9.8l

opensslopensslMatch0.9.8m

opensslopensslMatch0.9.8mbeta1

opensslopensslMatch0.9.8n

opensslopensslMatch0.9.8o

opensslopensslMatch0.9.8p

opensslopensslMatch0.9.8q

opensslopensslMatch0.9.8r

opensslopensslMatch0.9.8s

Node

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

opensslopensslMatch1.0.0d

opensslopensslMatch1.0.0e

opensslopensslMatch1.0.0f

opensslopensslMatch1.0.0g

References

cvs.openssl.org/chngview?cn=22252

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

marc.info/?l=bugtraq&m=133728068926468&w=2

marc.info/?l=bugtraq&m=134039053214295&w=2

rhn.redhat.com/errata/RHSA-2012-0426.html

rhn.redhat.com/errata/RHSA-2012-0488.html

rhn.redhat.com/errata/RHSA-2012-0531.html

rhn.redhat.com/errata/RHSA-2012-1306.html

rhn.redhat.com/errata/RHSA-2012-1307.html

rhn.redhat.com/errata/RHSA-2012-1308.html

secunia.com/advisories/48580

secunia.com/advisories/48895

secunia.com/advisories/48899

www.debian.org/security/2012/dsa-2454

www.openwall.com/lists/oss-security/2012/03/12/3

www.openwall.com/lists/oss-security/2012/03/12/6

www.openwall.com/lists/oss-security/2012/03/12/7

www.openwall.com/lists/oss-security/2012/03/13/2

www.securityfocus.com/bid/52764

www.securitytracker.com/id?1026787

www.ubuntu.com/usn/USN-1424-1

downloads.avaya.com/css/P8/documents/100162507

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.2 High

AI Score

Confidence

High

0.143 Low

EPSS

Percentile

95.8%

JSON

Related for NVD:CVE-2012-1165

openvas39 cve4 nessus33 ubuntucve2 debiancve2 f54 cvelist2 prion1 ubuntu1 securityvulns3 veracode2 nvd3 aix1 amazon1 fedora9 oraclelinux6 gentoo1 redhat7 suse1 centos2 debian1 osv2 ibm3 lenovo2