CVE-2012-0050

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

References

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

http://marc.info/?l=bugtraq&m=133951357207000&w=2

http://marc.info/?l=bugtraq&m=134039053214295&w=2

http://osvdb.org/78320

http://secunia.com/advisories/47631

http://secunia.com/advisories/47677

http://secunia.com/advisories/47755

http://secunia.com/advisories/48528

http://secunia.com/advisories/57353

http://support.apple.com/kb/HT5784

http://www.debian.org/security/2012/dsa-2392

http://www.mandriva.com/security/advisories?name=MDVSA-2012:011

http://www.openssl.org/news/secadv_20120118.txt

http://www.securityfocus.com/bid/51563

http://www.securitytracker.com/id?1026548

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

Details

Source: MITRE

Published: 2012-01-19

Updated: 2016-08-23

Type: CWE-399

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
127201NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)NessusNewStart CGSL Local Security Checks
critical
89038VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)NessusMisc.
high
80715Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of)NessusSolaris Local Security Checks
high
79532OracleVM 3.2 : onpenssl (OVMSA-2014-0008)NessusOracleVM Local Security Checks
high
79531OracleVM 2.2 : openssl (OVMSA-2014-0007)NessusOracleVM Local Security Checks
high
75909openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0266-1)NessusSuSE Local Security Checks
medium
74901openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1)NessusSuSE Local Security Checks
high
74859openSUSE Security Update : openssl (openSUSE-2012-99)NessusSuSE Local Security Checks
medium
73561AIX OpenSSL Advisory : openssl_advisory3.ascNessusAIX Local Security Checks
high
70885ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)NessusMisc.
high
801016Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)Log Correlation EngineOperating System Detection
high
6857Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)Nessus Network MonitorWeb Clients
critical
66809Mac OS X Multiple Vulnerabilities (Security Update 2013-002)NessusMacOS X Local Security Checks
critical
66808Mac OS X 10.8.x < 10.8.4 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
61747VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party librariesNessusVMware ESX Local Security Checks
critical
58222GLSA-201203-12 : OpenSSL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
58033SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7961)NessusSuSE Local Security Checks
medium
58031SuSE 11.1 Security Update : libopenssl (SAT Patch Number 5808)NessusSuSE Local Security Checks
medium
57887Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)NessusUbuntu Local Security Checks
high
57724Mandriva Linux Security Advisory : openssl (MDVSA-2012:011)NessusMandriva Local Security Checks
medium
57712OpenSSL 1.0.0f DTLS Denial of ServiceNessusWeb Servers
medium
57711OpenSSL 0.9.8s DTLS Denial of ServiceNessusWeb Servers
medium
57671Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)NessusFedora Local Security Checks
medium
57643Debian DSA-2392-1 : openssl - out-of-bounds readNessusDebian Local Security Checks
medium
57628FreeBSD : OpenSSL -- DTLS Denial of Service (5c5f19ce-43af-11e1-89b4-001ec9578670)NessusFreeBSD Local Security Checks
medium
57627Fedora 16 : openssl-1.0.0g-1.fc16 (2012-0708)NessusFedora Local Security Checks
medium
801054OpenSSL 0.9.8s / 1.0.0f DTLS Denial of ServiceLog Correlation EngineWeb Servers
medium
6288OpenSSL 0.9.8s / 1.0.0f DTLS DoSNessus Network MonitorWeb Servers
medium