ID CVE-2012-0050
Summary OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-02-2023 - 03:24)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
apple APPLE-SA-2013-06-04-1
bid 51563
confirm
debian DSA-2392
hp
  • HPSBMU02776
  • HPSBOV02793
  • HPSBUX02737
  • SSRT100747
  • SSRT100852
  • SSRT100891
mandriva MDVSA-2012:011
osvdb 78320
sectrack 1026548
secunia
  • 47631
  • 47677
  • 47755
  • 48528
  • 57353
Last major update 13-02-2023 - 03:24
Published 19-01-2012 - 19:55
Last modified 13-02-2023 - 03:24
Back to Top