Resource Management Errors Affecting openssl package, versions >=1.0.0
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
11.39% (96th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-COCOAPODS-OPENSSL-470984
- published 2 Oct 2019
- disclosed 14 Feb 2012
- credit Unknown
Introduced: 14 Feb 2012
CVE-2012-1165 Open this link in a new tabHow to fix?
There is no fixed version for OpenSSL.
Overview
OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.
Affected versions of this package are vulnerable to Resource Management Errors. OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible because the mime_param_cmp function can cause null pointer deferences through S/MIME messages.
References
- Debian Security Advisory
- Fedora Security Announcement
- Fedora Security Announcement
- Fedora Security Announcement
- Fedora Security Announcement
- HP Security Bulletin
- HP Security Bulletin
- http://cvs.openssl.org/chngview?cn=22252
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- https://downloads.avaya.com/css/P8/documents/100162507
- OSS security Advisory
- OSS security Advisory
- OSS security Advisory
- OSS security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Security Focus
- Security Tracker
- Ubuntu Security Advisory