CVE-2012-0050 — Openssl vulnerability

9 documents7 sources

Severity

5.0MEDIUMNVD

OSV4.3

EPSS

3.3%

top 12.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedJan 19

Latest updateMay 4

Description

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.0g-1 (bookworm)

▶Debianopenssl/openssl< 1.0.0g-1+3

▶NVDopenssl/openssl0.9.8s, 1.0.0f+1

🔴Vulnerability Details

GHSA

GHSA-ph62-8mr5-rp5w: OpenSSL 0↗2022-05-04

▶

OSV

CVE-2012-0050: OpenSSL 0↗2012-01-19

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2012-02-09

▶

Debian

CVE-2012-0050: openssl - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which all...↗2012

▶

Red Hat

openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix↗2011-01-18

▶

💬Community

Bugzilla

CVE-2012-0050 openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix [fedora-all]↗2012-01-19

▶

Bugzilla

CVE-2012-0050 openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix↗2012-01-18

▶

Bugzilla

CVE-2011-4108 openssl: DTLS plaintext recovery attack↗2012-01-04

▶