CVE-2006-7250 — NULL Pointer Dereference in Openssl

CWE-476 — NULL Pointer Dereference12 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

2.0%

top 16.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedFeb 29

Latest updateMay 14

Description

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.0h-1 (bookworm)

▶Debianopenssl/openssl< 1.0.0h-1+3

▶NVDopenssl/openssl0.9.8t+63

Patches

Patch: cvs.openssl.org ↗Patch: bugzilla.novell.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-9vv4-xxfm-24ff: The mime_param_cmp function in crypto/asn1/asn_mime↗2022-05-14

▶

GHSA

GHSA-jcg3-jcx7-j7xf: The mime_hdr_cmp function in crypto/asn1/asn_mime↗2022-05-01

▶

OSV

CVE-2012-1165: The mime_param_cmp function in crypto/asn1/asn_mime↗2012-03-15

▶

OSV

CVE-2006-7250: The mime_hdr_cmp function in crypto/asn1/asn_mime↗2012-02-29

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2012-04-19

▶

Red Hat

openssl: mime_param_cmp NULL dereference crash↗2012-03-12

▶

Debian

CVE-2012-1165: openssl - The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u a...↗2012

▶

Red Hat

openssl: mime_hdr_cmp NULL dereference crash↗2006-08-29

▶

Debian

CVE-2006-7250: openssl - The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlie...↗2006

▶

💬Community

Bugzilla

CVE-2006-7250 openssl: mime_hdr_cmp NULL dereference crash↗2012-02-28

▶