← back
CVE-2012-2686

CVE-2012-2686

30Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 40%
from disclosure to weapon0 days
Published on NVDFeb 8
metasploitFeb 5
exploitation probability
40%top 2% of all CVEs
observed exploitation
nono source reports it
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
Affected products
n/a · n/a