What is the severity of CVE-2012-1165?

CVE-2012-1165 is classified as a denial of service vulnerability impacting OpenSSL.

How do I fix CVE-2012-1165?

To fix CVE-2012-1165, upgrade to OpenSSL version 0.9.8u or 1.0.0h or later.

What versions of OpenSSL are affected by CVE-2012-1165?

CVE-2012-1165 affects OpenSSL versions before 0.9.8u and 1.x before 1.0.0h.

What type of attack does CVE-2012-1165 enable?

CVE-2012-1165 enables remote attackers to cause a denial of service through a crafted S/MIME message.

Is CVE-2012-1165 a buffer overflow vulnerability?

No, CVE-2012-1165 is not a buffer overflow vulnerability; it involves a NULL pointer dereference.

Vulnerability/
CVE-2012-1165

medium

CWE

399 476

15/3/2012

6/8/2024

CVE-2012-1165: Null Pointer Dereference

First published: Thu Mar 15 2012(Updated: )

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
OpenSSL libcrypto	<=0.9.8t
OpenSSL libcrypto	=0.9.1c
OpenSSL libcrypto	=0.9.2b
OpenSSL libcrypto	=0.9.3
OpenSSL libcrypto	=0.9.3a
OpenSSL libcrypto	=0.9.4
OpenSSL libcrypto	=0.9.5
OpenSSL libcrypto	=0.9.5-beta1
OpenSSL libcrypto	=0.9.5-beta2
OpenSSL libcrypto	=0.9.5a
OpenSSL libcrypto	=0.9.5a-beta1
OpenSSL libcrypto	=0.9.5a-beta2
OpenSSL libcrypto	=0.9.6
OpenSSL libcrypto	=0.9.6-beta1
OpenSSL libcrypto	=0.9.6-beta2
OpenSSL libcrypto	=0.9.6-beta3
OpenSSL libcrypto	=0.9.6a
OpenSSL libcrypto	=0.9.6a-beta1
OpenSSL libcrypto	=0.9.6a-beta2
OpenSSL libcrypto	=0.9.6a-beta3
OpenSSL libcrypto	=0.9.6b
OpenSSL libcrypto	=0.9.6c
OpenSSL libcrypto	=0.9.6d
OpenSSL libcrypto	=0.9.6e
OpenSSL libcrypto	=0.9.6f
OpenSSL libcrypto	=0.9.6g
OpenSSL libcrypto	=0.9.6h
OpenSSL libcrypto	=0.9.6i
OpenSSL libcrypto	=0.9.6j
OpenSSL libcrypto	=0.9.6k
OpenSSL libcrypto	=0.9.6l
OpenSSL libcrypto	=0.9.6m
OpenSSL libcrypto	=0.9.7
OpenSSL libcrypto	=0.9.7-beta1
OpenSSL libcrypto	=0.9.7-beta2
OpenSSL libcrypto	=0.9.7-beta3
OpenSSL libcrypto	=0.9.7-beta4
OpenSSL libcrypto	=0.9.7-beta5
OpenSSL libcrypto	=0.9.7-beta6
OpenSSL libcrypto	=0.9.7a
OpenSSL libcrypto	=0.9.7b
OpenSSL libcrypto	=0.9.7c
OpenSSL libcrypto	=0.9.7d
OpenSSL libcrypto	=0.9.7e
OpenSSL libcrypto	=0.9.7f
OpenSSL libcrypto	=0.9.7g
OpenSSL libcrypto	=0.9.7h
OpenSSL libcrypto	=0.9.7i
OpenSSL libcrypto	=0.9.7j
OpenSSL libcrypto	=0.9.7k
OpenSSL libcrypto	=0.9.7l
OpenSSL libcrypto	=0.9.7m
OpenSSL libcrypto	=0.9.8
OpenSSL libcrypto	=0.9.8a
OpenSSL libcrypto	=0.9.8b
OpenSSL libcrypto	=0.9.8c
OpenSSL libcrypto	=0.9.8d
OpenSSL libcrypto	=0.9.8e
OpenSSL libcrypto	=0.9.8f
OpenSSL libcrypto	=0.9.8g
OpenSSL libcrypto	=0.9.8h
OpenSSL libcrypto	=0.9.8i
OpenSSL libcrypto	=0.9.8j
OpenSSL libcrypto	=0.9.8k
OpenSSL libcrypto	=0.9.8l
OpenSSL libcrypto	=0.9.8m
OpenSSL libcrypto	=0.9.8m-beta1
OpenSSL libcrypto	=0.9.8n
OpenSSL libcrypto	=0.9.8o
OpenSSL libcrypto	=0.9.8p
OpenSSL libcrypto	=0.9.8q
OpenSSL libcrypto	=0.9.8r
OpenSSL libcrypto	=0.9.8s
OpenSSL libcrypto	=1.0.0
OpenSSL libcrypto	=1.0.0-beta1
OpenSSL libcrypto	=1.0.0-beta2
OpenSSL libcrypto	=1.0.0-beta3
OpenSSL libcrypto	=1.0.0-beta4
OpenSSL libcrypto	=1.0.0-beta5
OpenSSL libcrypto	=1.0.0a
OpenSSL libcrypto	=1.0.0b
OpenSSL libcrypto	=1.0.0c
OpenSSL libcrypto	=1.0.0d
OpenSSL libcrypto	=1.0.0e
OpenSSL libcrypto	=1.0.0f
OpenSSL libcrypto	=1.0.0g

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1165?
CVE-2012-1165 is classified as a denial of service vulnerability impacting OpenSSL.
How do I fix CVE-2012-1165?
To fix CVE-2012-1165, upgrade to OpenSSL version 0.9.8u or 1.0.0h or later.
What versions of OpenSSL are affected by CVE-2012-1165?
CVE-2012-1165 affects OpenSSL versions before 0.9.8u and 1.x before 1.0.0h.
What type of attack does CVE-2012-1165 enable?
CVE-2012-1165 enables remote attackers to cause a denial of service through a crafted S/MIME message.
Is CVE-2012-1165 a buffer overflow vulnerability?
No, CVE-2012-1165 is not a buffer overflow vulnerability; it involves a NULL pointer dereference.

agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/author
agent/description
agent/event
agent/first-publish-date
agent/type
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/openssl
canonical/openssl libcrypto
version/openssl libcrypto/0.9.8t
version/openssl libcrypto/0.9.1c
version/openssl libcrypto/0.9.2b
version/openssl libcrypto/0.9.3
version/openssl libcrypto/0.9.3a
version/openssl libcrypto/0.9.4
version/openssl libcrypto/0.9.5
version/openssl libcrypto/0.9.5-beta1
version/openssl libcrypto/0.9.5-beta2
version/openssl libcrypto/0.9.5a
version/openssl libcrypto/0.9.5a-beta1
version/openssl libcrypto/0.9.5a-beta2
version/openssl libcrypto/0.9.6
version/openssl libcrypto/0.9.6-beta1
version/openssl libcrypto/0.9.6-beta2
version/openssl libcrypto/0.9.6-beta3
version/openssl libcrypto/0.9.6a
version/openssl libcrypto/0.9.6a-beta1
version/openssl libcrypto/0.9.6a-beta2
version/openssl libcrypto/0.9.6a-beta3
version/openssl libcrypto/0.9.6b
version/openssl libcrypto/0.9.6c
version/openssl libcrypto/0.9.6d
version/openssl libcrypto/0.9.6e
version/openssl libcrypto/0.9.6f
version/openssl libcrypto/0.9.6g
version/openssl libcrypto/0.9.6h
version/openssl libcrypto/0.9.6i
version/openssl libcrypto/0.9.6j
version/openssl libcrypto/0.9.6k
version/openssl libcrypto/0.9.6l
version/openssl libcrypto/0.9.6m
version/openssl libcrypto/0.9.7
version/openssl libcrypto/0.9.7-beta1
version/openssl libcrypto/0.9.7-beta2
version/openssl libcrypto/0.9.7-beta3
version/openssl libcrypto/0.9.7-beta4
version/openssl libcrypto/0.9.7-beta5
version/openssl libcrypto/0.9.7-beta6
version/openssl libcrypto/0.9.7a
version/openssl libcrypto/0.9.7b
version/openssl libcrypto/0.9.7c
version/openssl libcrypto/0.9.7d
version/openssl libcrypto/0.9.7e
version/openssl libcrypto/0.9.7f
version/openssl libcrypto/0.9.7g
version/openssl libcrypto/0.9.7h
version/openssl libcrypto/0.9.7i
version/openssl libcrypto/0.9.7j
version/openssl libcrypto/0.9.7k
version/openssl libcrypto/0.9.7l
version/openssl libcrypto/0.9.7m
version/openssl libcrypto/0.9.8
version/openssl libcrypto/0.9.8a
version/openssl libcrypto/0.9.8b
version/openssl libcrypto/0.9.8c
version/openssl libcrypto/0.9.8d
version/openssl libcrypto/0.9.8e
version/openssl libcrypto/0.9.8f
version/openssl libcrypto/0.9.8g
version/openssl libcrypto/0.9.8h
version/openssl libcrypto/0.9.8i
version/openssl libcrypto/0.9.8j
version/openssl libcrypto/0.9.8k
version/openssl libcrypto/0.9.8l
version/openssl libcrypto/0.9.8m
version/openssl libcrypto/0.9.8m-beta1
version/openssl libcrypto/0.9.8n
version/openssl libcrypto/0.9.8o
version/openssl libcrypto/0.9.8p
version/openssl libcrypto/0.9.8q
version/openssl libcrypto/0.9.8r
version/openssl libcrypto/0.9.8s
version/openssl libcrypto/1.0.0
version/openssl libcrypto/1.0.0-beta1
version/openssl libcrypto/1.0.0-beta2
version/openssl libcrypto/1.0.0-beta3
version/openssl libcrypto/1.0.0-beta4
version/openssl libcrypto/1.0.0-beta5
version/openssl libcrypto/1.0.0a
version/openssl libcrypto/1.0.0b
version/openssl libcrypto/1.0.0c
version/openssl libcrypto/1.0.0d
version/openssl libcrypto/1.0.0e
version/openssl libcrypto/1.0.0f
version/openssl libcrypto/1.0.0g