5
CVE-2012-5621
- EPSS 2.78%
- Veröffentlicht 29.09.2014 22:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.78% | 0.845 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news
http://seclists.org/oss-sec/2012/q4/407
http://www.securityfocus.com/bid/56790
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5621_denial_of
https://bugzilla.redhat.com/show_bug.cgi?id=883058
https://exchange.xforce.ibmcloud.com/vulnerabilities/80640
https://git.gnome.org/browse/ekiga/commit/?id=7d09807257
https://lists.fedoraproject.org/pipermail/package-announce/2013-March/099554.html