Breezy input validation

Summaryinfo

A vulnerability described as critical has been identified in Breezy. This issue affects some unknown processing. Such manipulation leads to input validation. This vulnerability is listed as CVE-2012-5811. There is no available exploit.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Breezy (unknown version). Affected by this issue is an unknown code block. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Impacted is confidentiality, and integrity. CVE summarizes:

The Breezy application for Android does not verify that the server hostname matches a domain name in the subject s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

The weakness was presented 11/04/2012 (Website). The advisory is available at cs.utexas.edu. This vulnerability is handled as CVE-2012-5811 since 11/04/2012. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

See VDB-62870, VDB-62857, VDB-62856 and VDB-62855 for similar entries. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Name

• Breezy

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion