National Cyber Awareness System

Vulnerability Summary for CVE-2012-1165

Overview

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: UBUNTU

Name: USN-1424-1

Hyperlink:http://www.ubuntu.com/usn/USN-1424-1

External Source: MLIST

Name: [oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue

Hyperlink:http://www.openwall.com/lists/oss-security/2012/03/13/2

External Source: MLIST

Name: [oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue

Hyperlink:http://www.openwall.com/lists/oss-security/2012/03/12/7

External Source: MLIST

Name: [oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue

Hyperlink:http://www.openwall.com/lists/oss-security/2012/03/12/6

External Source: MLIST

Name: [oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue

Hyperlink:http://www.openwall.com/lists/oss-security/2012/03/12/3

External Source: DEBIAN

Name: DSA-2454

Hyperlink:http://www.debian.org/security/2012/dsa-2454

External Source: SECUNIA

Name: 48899

Hyperlink:http://secunia.com/advisories/48899

External Source: SECUNIA

Name: 48895

Hyperlink:http://secunia.com/advisories/48895

External Source: REDHAT

Name: RHSA-2012:1308

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1308.html

External Source: REDHAT

Name: RHSA-2012:1307

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1307.html

External Source: REDHAT

Name: RHSA-2012:1306

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1306.html

External Source: REDHAT

Name: RHSA-2012:0531

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-0531.html

External Source: REDHAT

Name: RHSA-2012:0488

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-0488.html

External Source: HP

Name: HPSBOV02793

Hyperlink:http://marc.info/?l=bugtraq&m=134039053214295&w=2

External Source: HP

Name: SSRT100891

Hyperlink:http://marc.info/?l=bugtraq&m=134039053214295&w=2

External Source: FEDORA

Name: FEDORA-2012-4630

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html

External Source: FEDORA

Name: FEDORA-2012-4665

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html

External Source: HP

Name: SSRT100877

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

External Source: HP

Name: HPSBMU02786

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

External Source: CONFIRM

Name: http://cvs.openssl.org/chngview?cn=22252

Hyperlink:http://cvs.openssl.org/chngview?cn=22252