CVE-2012-2130

Published: Dec 6, 2019Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.

Affected (5)

Products: Polarssl: Polarssl · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Polarssl Polarssl	From 1.0.0 to 1.1.1
Polarssl Polarssl	Version 0.99 pre4
Polarssl Polarssl	Version 0.99 pre5

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 17

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (12)

http://security.gentoo.org/glsa/glsa-201310-10.xml

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/53610

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/75726

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://security-tracker.debian.org/tracker/CVE-2012-2130

Source: secalert@redhat.com

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201310-10.xml