CVE-2012-0884 in OpenSSLinfo

Summary

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

ID	Vulnerability	CWE	Exp	Cou	CVE
4821	OpenSSL CMS/PKCS#7 cryptographic issue	310	Not defined	Official fix	CVE-2012-0884

Reservation

01/19/2012

Disclosure

03/12/2012

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-0884
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-0884
CVE Details	https://www.cvedetails.com/cve/CVE-2012-0884/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!