9.4 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.143 Low
EPSS
Percentile
95.6%
It was discovered that OpenSSL could be made to dereference a NULL pointer
when processing S/MIME messages. A remote attacker could use this to cause
a denial of service. These issues did not affect Ubuntu 8.04 LTS.
(CVE-2006-7250, CVE-2012-1165)
Tavis Ormandy discovered that OpenSSL did not properly perform bounds
checking when processing DER data via BIO or FILE functions. A remote
attacker could trigger this flaw in services that used SSL to cause a
denial of service or possibly execute arbitrary code with application
privileges. (CVE-2012-2110)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | libssl0.9.8 | < 0.9.8g-4ubuntu3.17 | UNKNOWN |
Ubuntu | 8.04 | noarch | libcrypto0.9.8-udeb | < 0.9.8g-4ubuntu3.17 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl-dev | < 0.9.8g-4ubuntu3.17 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl0.9.8-dbg | < 0.9.8g-4ubuntu3.17 | UNKNOWN |
Ubuntu | 8.04 | noarch | openssl | < 0.9.8g-4ubuntu3.17 | UNKNOWN |
Ubuntu | 11.10 | noarch | libssl1.0.0 | < 1.0.0e-2ubuntu4.4 | UNKNOWN |
Ubuntu | 11.10 | noarch | libcrypto1.0.0-udeb | < 1.0.0e-2ubuntu4.4 | UNKNOWN |
Ubuntu | 11.10 | noarch | libssl-dev | < 1.0.0e-2ubuntu4.4 | UNKNOWN |
Ubuntu | 11.10 | noarch | libssl1.0.0-dbg | < 1.0.0e-2ubuntu4.4 | UNKNOWN |
Ubuntu | 11.10 | noarch | libssl1.0.0-udeb | < 1.0.0e-2ubuntu4.4 | UNKNOWN |