Vulnerability Details : CVE-2012-1165
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2012-1165
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-1165
9.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1165
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2012-1165
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1165
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html
[SECURITY] Fedora 16 Update: openssl-1.0.0h-1.fc16
-
http://www.openwall.com/lists/oss-security/2012/03/12/6
oss-security - Re: CVE request: openssl: null pointer dereference issue
-
http://secunia.com/advisories/48895
Sign in
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
-
http://rhn.redhat.com/errata/RHSA-2012-1307.html
RHSA-2012:1307 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-1424-1
USN-1424-1: OpenSSL vulnerabilities | Ubuntu security notices
-
http://www.securitytracker.com/id?1026787
OpenSSL S/MIME Parsing Null Pointer Dereference Lets Remote Users Deny Service - SecurityTracker
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html
[SECURITY] Fedora 15 Update: openssl-1.0.0h-1.fc15
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html
[SECURITY] Fedora 17 Update: openssl-1.0.0h-1.fc17
-
http://rhn.redhat.com/errata/RHSA-2012-0531.html
RHSA-2012:0531 - Security Advisory - Red Hat Customer Portal
-
http://www.openwall.com/lists/oss-security/2012/03/12/3
oss-security - Re: CVE request: openssl: null pointer dereference issue
-
http://marc.info/?l=bugtraq&m=134039053214295&w=2
'[security bulletin] HPSBOV02793 SSRT100891 rev.1 - HP OpenVMS running SSL, Remote Denial of Service' - MARC
-
http://secunia.com/advisories/48580
Sign in
-
http://www.openwall.com/lists/oss-security/2012/03/13/2
oss-security - Re: CVE request: openssl: null pointer dereference issue
-
http://www.openwall.com/lists/oss-security/2012/03/12/7
oss-security - Re: CVE request: openssl: null pointer dereference issue
-
http://rhn.redhat.com/errata/RHSA-2012-1308.html
RHSA-2012:1308 - Security Advisory - Red Hat Customer Portal
-
https://downloads.avaya.com/css/P8/documents/100162507
ASA-2012-207 (RHSA-2012-0426)
-
http://www.debian.org/security/2012/dsa-2454
Debian -- Security Information -- DSA-2454-2 openssl
-
http://rhn.redhat.com/errata/RHSA-2012-0426.html
RHSA-2012:0426 - Security Advisory - Red Hat Customer Portal
-
http://secunia.com/advisories/48899
Sign in
-
http://www.securityfocus.com/bid/52764
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
-
http://rhn.redhat.com/errata/RHSA-2012-1306.html
RHSA-2012:1306 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2012-0488.html
RHSA-2012:0488 - Security Advisory - Red Hat Customer Portal
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1c-1.fc18
-
http://marc.info/?l=bugtraq&m=133728068926468&w=2
'[security bulletin] HPSBUX02782 SSRT100844 rev.1 - HP-UX Running OpenSSL, Remote Denial of' - MARC
-
http://cvs.openssl.org/chngview?cn=22252
Jump to