Description

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.

Remediation

References

CVE-2012-0027

Related Vulnerabilities

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2015-1399)

WordPress Plugin Let Them Unsubscribe Multiple Unspecified Vulnerabilities (1.0)

WordPress Plugin JoomSport-for Sports: Team & League, Football, Hockey & more SQL Injection (3.3)

Joomla Incorrect Authorization Vulnerability (CVE-2020-11889)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7882)

Severity

Medium

Classification

CVE-2012-0027

Tags

Missing Update Known Vulnerabilities