CVE-2012-0027
OpenSSL < 1.0.0f - Denial of Service via GOST Block Cipher Parameter Handling
Title source: llmDescription
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20120104.txt
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57353
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/78191
Scores
EPSS
0.0070
EPSS Percentile
72.2%
Details
CWE
CWE-399
Status
published
Products (49)
openssl/openssl
0.9.1c
openssl/openssl
0.9.2b
openssl/openssl
0.9.3
openssl/openssl
0.9.3a
openssl/openssl
0.9.4
openssl/openssl
0.9.5
openssl/openssl
0.9.5a
openssl/openssl
0.9.6
openssl/openssl
0.9.6a
openssl/openssl
0.9.6b
... and 39 more
Published
Jan 06, 2012
Tracked Since
Feb 18, 2026