NVD Vulnerability Detail

CVE-2012-1165

Summary	The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Publication Date	March 16, 2012, 2:55 a.m.
Registration Date	Jan. 28, 2021, 2:55 p.m.
Last Update	Nov. 21, 2024, 10:36 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl::::::::		0.9.8t
cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8s:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.8r:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
cpe:2.3:a:openssl:openssl:0.9.8q:::::::*
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.0e:::::::*
cpe:2.3:a:openssl:openssl:1.0.0f:::::::*
cpe:2.3:a:openssl:openssl:1.0.0d:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
cpe:2.3:a:openssl:openssl:1.0.0:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
cpe:2.3:a:openssl:openssl:1.0.0g:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://cvs.openssl.org/chngview?cn=22252
2	http://cvs.openssl.org/chngview?cn=22252
3	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
4	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
5	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
6	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
7	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html
8	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html
9	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html
10	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html
11	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html
12	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html
13	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
14	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
15	http://marc.info/?l=bugtraq&m=133728068926468&w=2
16	http://marc.info/?l=bugtraq&m=133728068926468&w=2
17	http://marc.info/?l=bugtraq&m=133728068926468&w=2
18	http://marc.info/?l=bugtraq&m=133728068926468&w=2
19	http://marc.info/?l=bugtraq&m=134039053214295&w=2
20	http://marc.info/?l=bugtraq&m=134039053214295&w=2
21	http://marc.info/?l=bugtraq&m=134039053214295&w=2
22	http://marc.info/?l=bugtraq&m=134039053214295&w=2
23	http://rhn.redhat.com/errata/RHSA-2012-0426.html
24	http://rhn.redhat.com/errata/RHSA-2012-0426.html
25	http://rhn.redhat.com/errata/RHSA-2012-0488.html
26	http://rhn.redhat.com/errata/RHSA-2012-0488.html
27	http://rhn.redhat.com/errata/RHSA-2012-0531.html
28	http://rhn.redhat.com/errata/RHSA-2012-0531.html
29	http://rhn.redhat.com/errata/RHSA-2012-1306.html
30	http://rhn.redhat.com/errata/RHSA-2012-1306.html
31	http://rhn.redhat.com/errata/RHSA-2012-1307.html
32	http://rhn.redhat.com/errata/RHSA-2012-1307.html
33	http://rhn.redhat.com/errata/RHSA-2012-1308.html
34	http://rhn.redhat.com/errata/RHSA-2012-1308.html
35	http://secunia.com/advisories/48580
36	http://secunia.com/advisories/48580
37	http://secunia.com/advisories/48895
38	http://secunia.com/advisories/48895
39	http://secunia.com/advisories/48899
40	http://secunia.com/advisories/48899
41	http://www.debian.org/security/2012/dsa-2454
42	http://www.debian.org/security/2012/dsa-2454
43	http://www.openwall.com/lists/oss-security/2012/03/12/3
44	http://www.openwall.com/lists/oss-security/2012/03/12/3
45	http://www.openwall.com/lists/oss-security/2012/03/12/6
46	http://www.openwall.com/lists/oss-security/2012/03/12/6
47	http://www.openwall.com/lists/oss-security/2012/03/12/7
48	http://www.openwall.com/lists/oss-security/2012/03/12/7
49	http://www.openwall.com/lists/oss-security/2012/03/13/2
50	http://www.openwall.com/lists/oss-security/2012/03/13/2
51	http://www.securityfocus.com/bid/52764
52	http://www.securityfocus.com/bid/52764
53	http://www.securitytracker.com/id?1026787
54	http://www.securitytracker.com/id?1026787
55	http://www.ubuntu.com/usn/USN-1424-1
56	http://www.ubuntu.com/usn/USN-1424-1
57	https://downloads.avaya.com/css/P8/documents/100162507
58	https://downloads.avaya.com/css/P8/documents/100162507

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

JVN Vulnerability Information

OpenSSL の crypto/asn1/asn_mime.c にある mime_param_cmp 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	OpenSSL の crypto/asn1/asn_mime.c にある mime_param_cmp 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	OpenSSL の crypto/asn1/asn_mime.c にある mime_param_cmp 関数には、サービス運用妨害 (NULL ポインタデリファレンスおよびアプリケーションクラッシュ) 状態となる脆弱性が存在します。本脆弱性は、CVE-2006-7250 とは異なる脆弱性です。
Possible impacts	第三者により、巧妙に細工された S/MIME メッセージを介して、サービス運用妨害 (NULL ポインタデリファレンスおよびアプリケーションクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 15, 2012, midnight
Registration Date	March 19, 2012, 12:07 p.m.
Last Update	Nov. 13, 2012, 5:38 p.m.

Affected System

OpenSSL Project

OpenSSL 0.9.8u 未満

OpenSSL 1.0.0h 未満の 1.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1165	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165
National Vulnerability Database (NVD)
2	CVE-2012-1165	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1165
SECURITY BLOG
3	CVE-2012-1165 Denial of Service (DoS) vulnerability in OpenSSL	https://blogs.oracle.com/sunsecurity/entry/cve_2012_1165_denial_of

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
Debian セキュリティ勧告
1	DSA-2454	http://www.debian.org/security/2012/dsa-2454
Fedora Update Notification
2	FEDORA-2012-4630	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html
3	FEDORA-2012-4665	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html
HP Security Bulletin
4	HPSBMU02786 SSRT100877	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
5	HPSBOV02793 SSRT100891	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03383940
OpenSSL
6	22252	http://cvs.openssl.org/chngview?cn=22252
Red Hat Security Advisory
7	RHSA-2012:1306	http://rhn.redhat.com/errata/RHSA-2012-1306.html
8	RHSA-2012:1307	http://rhn.redhat.com/errata/RHSA-2012-1307.html
9	RHSA-2012:1308	http://rhn.redhat.com/errata/RHSA-2012-1308.html
Ubuntu Security Notice
10	USN-1424-1	http://www.ubuntu.com/usn/USN-1424-1

Change Log

No	Changed Details	Date of change
0	[2012年03月19日] 掲載 [2012年05月14日] ベンダ情報：オラクル (CVE-2012-1165 Denial of Service (DoS) vulnerability in OpenSSL) を追加 [2012年07月25日] ベンダ情報：ヒューレット・パッカード (HPSBOV02793 SSRT100891) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU02786 SSRT100877) を追加 [2012年09月05日] ベンダ情報：Ubuntu (USN-1424-1) を追加ベンダ情報：Debian (DSA-2454) を追加ベンダ情報：Fedora Project (FEDORA-2012-4665) を追加 [2012年11月08日] ベンダ情報：レッドハット (RHSA-2012:1306) を追加ベンダ情報：レッドハット (RHSA-2012:1307) を追加ベンダ情報：レッドハット (RHSA-2012:1308) を追加 [2012年11月13日] ベンダ情報：Fedora Project (FEDORA-2012-4630) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl::::::::		0.9.8t
cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8s:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.8r:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
cpe:2.3:a:openssl:openssl:0.9.8q:::::::*
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.0e:::::::*
cpe:2.3:a:openssl:openssl:1.0.0f:::::::*
cpe:2.3:a:openssl:openssl:1.0.0d:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
cpe:2.3:a:openssl:openssl:1.0.0:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
cpe:2.3:a:openssl:openssl:1.0.0g:::::::*