What is the severity of CVE-2012-0027?

CVE-2012-0027 has a severity rating that indicates it can lead to a denial of service due to the inability of OpenSSL to properly handle invalid parameters.

How do I fix CVE-2012-0027?

To fix CVE-2012-0027, upgrade to OpenSSL version 1.0.0f or later that includes fixes for the vulnerability.

Which versions of OpenSSL are affected by CVE-2012-0027?

CVE-2012-0027 affects OpenSSL versions prior to 1.0.0f, including 0.9.1c, 0.9.2b, and multiple versions up to 1.0.0e.

What kind of attack does CVE-2012-0027 enable?

CVE-2012-0027 enables remote attackers to execute a denial of service attack that causes the daemon to crash.

Is CVE-2012-0027 associated with TLS clients?

Yes, CVE-2012-0027 can be triggered by crafted data sent from a TLS client, exploiting the vulnerability in the GOST ENGINE.

Vulnerability/
CVE-2012-0027

medium

CWE

399

6/1/2012

26/3/2014

CVE-2012-0027

First published: Fri Jan 06 2012(Updated: )

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
OpenSSL libcrypto	<=1.0.0e
OpenSSL libcrypto	=0.9.1c
OpenSSL libcrypto	=0.9.2b
OpenSSL libcrypto	=0.9.3
OpenSSL libcrypto	=0.9.3a
OpenSSL libcrypto	=0.9.4
OpenSSL libcrypto	=0.9.5
OpenSSL libcrypto	=0.9.5a
OpenSSL libcrypto	=0.9.6
OpenSSL libcrypto	=0.9.6a
OpenSSL libcrypto	=0.9.6b
OpenSSL libcrypto	=0.9.6c
OpenSSL libcrypto	=0.9.6d
OpenSSL libcrypto	=0.9.6e
OpenSSL libcrypto	=0.9.6f
OpenSSL libcrypto	=0.9.6g
OpenSSL libcrypto	=0.9.6h
OpenSSL libcrypto	=0.9.6h-bogus
OpenSSL libcrypto	=0.9.6i
OpenSSL libcrypto	=0.9.6j
OpenSSL libcrypto	=0.9.6k
OpenSSL libcrypto	=0.9.6l
OpenSSL libcrypto	=0.9.6m
OpenSSL libcrypto	=0.9.7
OpenSSL libcrypto	=0.9.7a
OpenSSL libcrypto	=0.9.7b
OpenSSL libcrypto	=0.9.7c
OpenSSL libcrypto	=0.9.7d
OpenSSL libcrypto	=0.9.7e
OpenSSL libcrypto	=0.9.7f
OpenSSL libcrypto	=0.9.7g
OpenSSL libcrypto	=0.9.7h
OpenSSL libcrypto	=0.9.7i
OpenSSL libcrypto	=0.9.7j
OpenSSL libcrypto	=0.9.7k
OpenSSL libcrypto	=0.9.7l
OpenSSL libcrypto	=0.9.7m
OpenSSL libcrypto	=0.9.8
OpenSSL libcrypto	=0.9.8a
OpenSSL libcrypto	=0.9.8b
OpenSSL libcrypto	=0.9.8c
OpenSSL libcrypto	=0.9.8d
OpenSSL libcrypto	=0.9.8e
OpenSSL libcrypto	=0.9.8f
OpenSSL libcrypto	=0.9.8g
OpenSSL libcrypto	=0.9.8h
OpenSSL libcrypto	=0.9.8i
OpenSSL libcrypto	=0.9.8j
OpenSSL libcrypto	=0.9.8k
OpenSSL libcrypto	=0.9.8l
OpenSSL libcrypto	=0.9.8m
OpenSSL libcrypto	=0.9.8n
OpenSSL libcrypto	=0.9.8o
OpenSSL libcrypto	=0.9.8p
OpenSSL libcrypto	=0.9.8q
OpenSSL libcrypto	=0.9.8r
OpenSSL libcrypto	=0.9.8s
OpenSSL libcrypto	=1.0.0
OpenSSL libcrypto	=1.0.0-beta1
OpenSSL libcrypto	=1.0.0-beta2
OpenSSL libcrypto	=1.0.0-beta3
OpenSSL libcrypto	=1.0.0-beta4
OpenSSL libcrypto	=1.0.0-beta5
OpenSSL libcrypto	=1.0.0a
OpenSSL libcrypto	=1.0.0b
OpenSSL libcrypto	=1.0.0c
OpenSSL libcrypto	=1.0.0d

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-0027?
CVE-2012-0027 has a severity rating that indicates it can lead to a denial of service due to the inability of OpenSSL to properly handle invalid parameters.
How do I fix CVE-2012-0027?
To fix CVE-2012-0027, upgrade to OpenSSL version 1.0.0f or later that includes fixes for the vulnerability.
Which versions of OpenSSL are affected by CVE-2012-0027?
CVE-2012-0027 affects OpenSSL versions prior to 1.0.0f, including 0.9.1c, 0.9.2b, and multiple versions up to 1.0.0e.
What kind of attack does CVE-2012-0027 enable?
CVE-2012-0027 enables remote attackers to execute a denial of service attack that causes the daemon to crash.
Is CVE-2012-0027 associated with TLS clients?
Yes, CVE-2012-0027 can be triggered by crafted data sent from a TLS client, exploiting the vulnerability in the GOST ENGINE.

agent/type
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/severity
agent/author
agent/references
agent/softwarecombine
agent/tags
agent/first-publish-date
agent/description
agent/event
vendor/openssl
canonical/openssl libcrypto
version/openssl libcrypto/1.0.0e
version/openssl libcrypto/0.9.1c
version/openssl libcrypto/0.9.2b
version/openssl libcrypto/0.9.3
version/openssl libcrypto/0.9.3a
version/openssl libcrypto/0.9.4
version/openssl libcrypto/0.9.5
version/openssl libcrypto/0.9.5a
version/openssl libcrypto/0.9.6
version/openssl libcrypto/0.9.6a
version/openssl libcrypto/0.9.6b
version/openssl libcrypto/0.9.6c
version/openssl libcrypto/0.9.6d
version/openssl libcrypto/0.9.6e
version/openssl libcrypto/0.9.6f
version/openssl libcrypto/0.9.6g
version/openssl libcrypto/0.9.6h
version/openssl libcrypto/0.9.6h-bogus
version/openssl libcrypto/0.9.6i
version/openssl libcrypto/0.9.6j
version/openssl libcrypto/0.9.6k
version/openssl libcrypto/0.9.6l
version/openssl libcrypto/0.9.6m
version/openssl libcrypto/0.9.7
version/openssl libcrypto/0.9.7a
version/openssl libcrypto/0.9.7b
version/openssl libcrypto/0.9.7c
version/openssl libcrypto/0.9.7d
version/openssl libcrypto/0.9.7e
version/openssl libcrypto/0.9.7f
version/openssl libcrypto/0.9.7g
version/openssl libcrypto/0.9.7h
version/openssl libcrypto/0.9.7i
version/openssl libcrypto/0.9.7j
version/openssl libcrypto/0.9.7k
version/openssl libcrypto/0.9.7l
version/openssl libcrypto/0.9.7m
version/openssl libcrypto/0.9.8
version/openssl libcrypto/0.9.8a
version/openssl libcrypto/0.9.8b
version/openssl libcrypto/0.9.8c
version/openssl libcrypto/0.9.8d
version/openssl libcrypto/0.9.8e
version/openssl libcrypto/0.9.8f
version/openssl libcrypto/0.9.8g
version/openssl libcrypto/0.9.8h
version/openssl libcrypto/0.9.8i
version/openssl libcrypto/0.9.8j
version/openssl libcrypto/0.9.8k
version/openssl libcrypto/0.9.8l
version/openssl libcrypto/0.9.8m
version/openssl libcrypto/0.9.8n
version/openssl libcrypto/0.9.8o
version/openssl libcrypto/0.9.8p
version/openssl libcrypto/0.9.8q
version/openssl libcrypto/0.9.8r
version/openssl libcrypto/0.9.8s
version/openssl libcrypto/1.0.0
version/openssl libcrypto/1.0.0-beta1
version/openssl libcrypto/1.0.0-beta2
version/openssl libcrypto/1.0.0-beta3
version/openssl libcrypto/1.0.0-beta4
version/openssl libcrypto/1.0.0-beta5
version/openssl libcrypto/1.0.0a
version/openssl libcrypto/1.0.0b
version/openssl libcrypto/1.0.0c
version/openssl libcrypto/1.0.0d

CVE-2012-0027

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-0027?

How do I fix CVE-2012-0027?

Which versions of OpenSSL are affected by CVE-2012-0027?

What kind of attack does CVE-2012-0027 enable?

Is CVE-2012-0027 associated with TLS clients?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-0027?

How do I fix CVE-2012-0027?

Which versions of OpenSSL are affected by CVE-2012-0027?

What kind of attack does CVE-2012-0027 enable?

Is CVE-2012-0027 associated with TLS clients?