CVE-2012-1165
Vulnerability Summary
Description
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
CVSS Metrics
- v2.0 • MEDIUM • Score: 5 • AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 3.10% • Percentile: 87%
Techniques & Countermeasures
- CWE-399 • Resource Management Errors
Weaknesses in this category are related to improper management of system resources.
Affected Systems
- Unknown • OpenSSL
≤ 0.9.8t | 0.9.1c | 0.9.2b | 0.9.3 | 0.9.3a | 0.9.4 | 0.9.5 | 0.9.5:beta1 | 0.9.5:beta2 | 0.9.5a | 0.9.5a:beta1 | 0.9.5a:beta2 | 0.9.6 | 0.9.6:beta1 | 0.9.6:beta2 | 0.9.6:beta3 | 0.9.6a | 0.9.6a:beta1 | 0.9.6a:beta2 | 0.9.6a:beta3 | 0.9.6b | 0.9.6c | 0.9.6d | 0.9.6e | 0.9.6f | 0.9.6g | 0.9.6h | 0.9.6i | 0.9.6j | 0.9.6k | 0.9.6l | 0.9.6m | 0.9.7 | 0.9.7:beta1 | 0.9.7:beta2 | 0.9.7:beta3 | 0.9.7:beta4 | 0.9.7:beta5 | 0.9.7:beta6 | 0.9.7a | 0.9.7b | 0.9.7c | 0.9.7d | 0.9.7e | 0.9.7f | 0.9.7g | 0.9.7h | 0.9.7i | 0.9.7j | 0.9.7k | 0.9.7l | 0.9.7m | 0.9.8 | 0.9.8a | 0.9.8b | 0.9.8c | 0.9.8d | 0.9.8e | 0.9.8f | 0.9.8g | 0.9.8h | 0.9.8i | 0.9.8j | 0.9.8k | 0.9.8l | 0.9.8m | 0.9.8m:beta1 | 0.9.8n | 0.9.8o | 0.9.8p | 0.9.8q | 0.9.8r | 0.9.8s | 1.0.0 | 1.0.0:beta1 | 1.0.0:beta2 | 1.0.0:beta3 | 1.0.0:beta4 | 1.0.0:beta5 | 1.0.0a | 1.0.0b | 1.0.0c | 1.0.0d | 1.0.0e | 1.0.0f | 1.0.0g
References (26)
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html
- http://rhn.redhat.com/errata/RHSA-2012-0531.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
- http://secunia.com/advisories/48899
- https://downloads.avaya.com/css/P8/documents/100162507
- http://rhn.redhat.com/errata/RHSA-2012-1308.html
- http://www.openwall.com/lists/oss-security/2012/03/12/3
- http://rhn.redhat.com/errata/RHSA-2012-1307.html
- http://www.openwall.com/lists/oss-security/2012/03/12/6
- http://rhn.redhat.com/errata/RHSA-2012-0488.html
- http://www.debian.org/security/2012/dsa-2454
- http://www.ubuntu.com/usn/USN-1424-1
- http://secunia.com/advisories/48895
- http://secunia.com/advisories/48580
- http://rhn.redhat.com/errata/RHSA-2012-1306.html
- http://www.securitytracker.com/id?1026787
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://rhn.redhat.com/errata/RHSA-2012-0426.html
- http://cvs.openssl.org/chngview?cn=22252
- http://marc.info/?l=bugtraq&m=133728068926468&w=2
- http://www.securityfocus.com/bid/52764
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html
- http://www.openwall.com/lists/oss-security/2012/03/13/2
- http://www.openwall.com/lists/oss-security/2012/03/12/7