Vulnerability Details : CVE-2012-5621
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2012-5621
- cpe:2.3:a:ekiga:ekiga:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5621
- 2.75%: Probability of exploitation activity in the next 30 days
- ~ 91 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5621
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-5621
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5621
- https://lists.fedoraproject.org/pipermail/package-announce/2013-March/099554.html
  [SECURITY] Fedora 18 Update: opal-3.10.10-1.fc18
- https://git.gnome.org/browse/ekiga/commit/?id=7d09807257
  Validate UTF-8 strings before showing them (7d098072) · Commits · GNOME / ekiga · GitLab
- https://bugzilla.redhat.com/show_bug.cgi?id=883058
  883058 – (CVE-2012-5621) CVE-2012-5621 ekiga: DoS (crash) after receiving call from other party with not UTF-8 valid name (Patch)
- http://www.securityfocus.com/bid/56790
  Ekiga UTF-8 Parsing Denial of Service Vulnerability
- http://seclists.org/oss-sec/2012/q4/407
  oss-sec: Re: CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80640
  Ekiga UTF-8 denial of service CVE-2012-5621 Vulnerability Report
- http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news
- https://blogs.oracle.com/sunsecurity/entry/cve_2012_5621_denial_of
  CVE-2012-5621 Denial of Service (DoS) vulnerability in Ekiga | Oracle Third Party Vulnerability Resolution Blog