Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2012-1165

Published: 15/03/2012 Updated: 13/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL prior to 0.9.8u and 1.x prior to 1.0.0h allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 0.9.8p

openssl openssl 0.9.8o

openssl openssl 0.9.8i

openssl openssl 0.9.8r

openssl openssl 0.9.8q

openssl openssl 0.9.8k

openssl openssl 0.9.8j

openssl openssl 0.9.8b

openssl openssl 0.9.8a

openssl openssl 0.9.7

openssl openssl 0.9.7a

openssl openssl 0.9.7h

openssl openssl 0.9.7i

openssl openssl 0.9.6a

openssl openssl 0.9.6i

openssl openssl 0.9.6h

openssl openssl 0.9.6m

openssl openssl 0.9.6l

openssl openssl 0.9.5

openssl openssl 0.9.3a

openssl openssl 0.9.3

openssl openssl

openssl openssl 0.9.8s

openssl openssl 0.9.8m

openssl openssl 0.9.8l

openssl openssl 0.9.8d

openssl openssl 0.9.8c

openssl openssl 0.9.7m

openssl openssl 0.9.7b

openssl openssl 0.9.7c

openssl openssl 0.9.6g

openssl openssl 0.9.6f

openssl openssl 0.9.6k

openssl openssl 0.9.6j

openssl openssl 0.9.4

openssl openssl 0.9.8h

openssl openssl 0.9.8

openssl openssl 0.9.7f

openssl openssl 0.9.7g

openssl openssl 0.9.7j

openssl openssl 0.9.6

openssl openssl 0.9.6c

openssl openssl 0.9.6b

openssl openssl 0.9.5a

openssl openssl 0.9.2b

openssl openssl 0.9.1c

openssl openssl 0.9.8n

openssl openssl 0.9.8g

openssl openssl 0.9.8f

openssl openssl 0.9.8e

openssl openssl 0.9.7d

openssl openssl 0.9.7e

openssl openssl 0.9.7k

openssl openssl 0.9.7l

openssl openssl 0.9.6e

openssl openssl 0.9.6d

openssl openssl 1.0.0

openssl openssl 1.0.0g

openssl openssl 1.0.0d

openssl openssl 1.0.0e

openssl openssl 1.0.0f

openssl openssl 1.0.0a

openssl openssl 1.0.0b

openssl openssl 1.0.0c

Vendor Advisories

Red Hat: Moderate: openssl security and bug fix update
Synopsis Moderate: openssl security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix two security issues and one bug are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity i ...
Debian CVElist Bug Report Logs: [CVE-2012-1165] openssl: possible NULL dereference on bad MIME headers
Debian Bug report logs - #663642 [CVE-2012-1165] openssl: possible NULL dereference on bad MIME headers Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@listsaliothdebianorg>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Luciano Bello <luciano@debianorg> D ...
Ubuntu Security Notice: openssl vulnerabilities
An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file ...
Amazon Linux AMI: ALAS-2012-062
A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in O ...

Github Repositories

https://github.com/uit-anhvuk13/VulDetImp

VulDetImp This is an implementation effort for VulDetector Installation curl -fsSL rawgithubusercontentcom/uit-anhvuk13/VulDetImp/master/setupsh | sh Usage Build the environment: /buildsh Run app: /startsh <options> Interact with the

References

CWE-399http://www.openwall.com/lists/oss-security/2012/03/12/6http://www.openwall.com/lists/oss-security/2012/03/12/7http://www.openwall.com/lists/oss-security/2012/03/13/2http://www.openwall.com/lists/oss-security/2012/03/12/3http://cvs.openssl.org/chngview?cn=22252http://marc.info/?l=bugtraq&m=134039053214295&w=2http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.htmlhttp://www.debian.org/security/2012/dsa-2454http://www.ubuntu.com/usn/USN-1424-1http://secunia.com/advisories/48895http://rhn.redhat.com/errata/RHSA-2012-1306.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1307.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1308.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.htmlhttp://secunia.com/advisories/48899http://rhn.redhat.com/errata/RHSA-2012-0531.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0488.htmlhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041http://www.securityfocus.com/bid/52764https://downloads.avaya.com/css/P8/documents/100162507http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlhttp://marc.info/?l=bugtraq&m=133728068926468&w=2http://secunia.com/advisories/48580http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0426.htmlhttp://www.securitytracker.com/id?1026787https://access.redhat.com/errata/RHSA-2012:0426https://usn.ubuntu.com/1424-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook