CVE-2012-0027

MEDIUM severity · CVSS 5 · CWE-399

5CVSS MEDIUM

Summary

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impactNone

Integrity impactNone

Availability impact—

Exploit probability (EPSS)1%

AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected products we track (1)

OpenSSL

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://www.openssl.org/news/secadv_20120104.txtAdvisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
http://osvdb.org/78191
http://secunia.com/advisories/57353
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041