CVE-2012-1165 — NULL Pointer Dereference in Openssl

CWE-476 — NULL Pointer Dereference11 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

3.1%

top 13.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedMar 15

Latest updateMay 14

Description

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.0h-1 (bookworm)

▶Debianopenssl/openssl< 1.0.0h-1+3

▶NVDopenssl/openssl0.9.8t+63

🔴Vulnerability Details

GHSA

GHSA-9vv4-xxfm-24ff: The mime_param_cmp function in crypto/asn1/asn_mime↗2022-05-14

▶

OSV

CVE-2012-1165: The mime_param_cmp function in crypto/asn1/asn_mime↗2012-03-15

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2012-04-19

▶

Red Hat

openssl: mime_param_cmp NULL dereference crash↗2012-03-12

▶

Debian

CVE-2012-1165: openssl - The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u a...↗2012

▶

💬Community

Bugzilla

CVE-2012-1165 CVE-2012-0884 openssl various flaws [fedora-all]↗2012-03-13

▶

Bugzilla

CVE-2012-1165 CVE-2012-0884 mingw32-openssl various flaws [epel-5]↗2012-03-13

▶

Bugzilla

CVE-2012-1165 CVE-2012-0884 mingw32-openssl various flaws [fedora-all]↗2012-03-13

▶

Bugzilla

CVE-2012-1165 openssl: mime_param_cmp NULL dereference crash↗2012-03-12

▶

Bugzilla

CVE-2011-2908 CSRF on jmx-console allows invocation of operations on mbeans↗2011-08-12

▶