CVE-2012-0027 — Openssl vulnerability

CWE-3997 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 25.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedJan 6

Latest updateMay 4

Description

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.0f-1 (bookworm)

▶Debianopenssl/openssl< 1.0.0f-1+3

▶NVDopenssl/openssl1.0.0e+60

🔴Vulnerability Details

GHSA

GHSA-6vgp-r5v2-7gfw: The GOST ENGINE in OpenSSL before 1↗2022-05-04

▶

OSV

CVE-2012-0027: The GOST ENGINE in OpenSSL before 1↗2012-01-06

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2012-02-09

▶

Red Hat

openssl: invalid GOST parameters DoS attack↗2012-01-04

▶

Debian

CVE-2012-0027: openssl - The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parame...↗2012

▶

💬Community

Bugzilla

CVE-2012-0027 openssl: invalid GOST parameters DoS attack↗2012-01-04

▶