CVE-2012-0050 - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers

CVE-2012-0050

Summary

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

References

Vulnerable Configurations

cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 13-02-2023 - 03:24)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

apple	APPLE-SA-2013-06-04-1
bid	51563
confirm	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://support.apple.com/kb/HT5784 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://www.openssl.org/news/secadv_20120118.txt
debian	DSA-2392
hp	HPSBMU02776 HPSBOV02793 HPSBUX02737 SSRT100747 SSRT100852 SSRT100891
mandriva	MDVSA-2012:011
osvdb	78320
sectrack	1026548
secunia	47631 47677 47755 48528 57353

Last major update

13-02-2023 - 03:24

Published

19-01-2012 - 19:55

Last modified

13-02-2023 - 03:24