CVE-2012-2130

EPSS 0.07%
Veröffentlicht 06.12.2019 18:15:10
Zuletzt bearbeitet 21.11.2024 01:38:33
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Polarssl ≫ Polarssl Version >= 1.0.0 <= 1.1.1

Polarssl ≫ Polarssl Version0.99 Updatepre4

Polarssl ≫ Polarssl Version0.99 Updatepre5

Debian ≫ Debian Linux Version8.0

Fedoraproject ≫ Fedora Version17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.23

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://security.gentoo.org/glsa/glsa-201310-10.xml

Third Party Advisory

http://www.securityfocus.com/bid/53610

Third Party Advisory

VDB Entry

https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130

Third Party Advisory

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130

Third Party Advisory

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/75726