Description
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
CVSS vector
AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9Complexity: Low
Integrity: None
Availability: None
Affected Packages3 packages
🔴Vulnerability Details
2GHSAGHSA-wwwj-58hm-mxm3: The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0↗2022-05-14 OSVCVE-2012-0884: The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0↗2012-03-13 📋Vendor Advisories
4BSDFreeBSD-SA-12:01.openssl: OpenSSL multiple vulnerabilities↗2012-05-30 UbuntuOpenSSL vulnerabilities↗2012-05-24 Red Hatopenssl: CMS and PKCS#7 Bleichenbacher attack↗2012-03-12 DebianCVE-2012-0884: openssl - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL ...↗2012 📄Research Papers
2arXivGraphene: Infrastructure Security Posture Analysis with AI-generated Attack Graphs↗2024-05-01 arXivCEBin: A Cost-Effective Framework for Large-Scale Binary Code Similarity Detection↗2024-02-29 💬Community
4BugzillaCVE-2012-0884 openssl: CMS and PKCS#7 Bleichenbacher attack↗2012-03-13 BugzillaCVE-2012-1165 CVE-2012-0884 openssl various flaws [fedora-all]↗2012-03-13 BugzillaCVE-2012-1165 CVE-2012-0884 mingw32-openssl various flaws [epel-5]↗2012-03-13 BugzillaCVE-2012-1165 CVE-2012-0884 mingw32-openssl various flaws [fedora-all]↗2012-03-13