Vulnerability details: VCID-54v3-3ha9-mfgk
Vulnerability ID VCID-54v3-3ha9-mfgk
Aliases CVE-2012-2686
Summary
Status Published
Exploitability 2.0
Weighted Severity 0.5
Risk 1.0
Weaknesses (0)
There are no known CWE.
Data source Metasploit
Description The AES-NI implementation of OpenSSL 1.0.1c does not properly compute the length of an encrypted message when used with a TLS version 1.1 or above. This leads to an integer underflow which can cause a DoS. The vulnerable function aesni_cbc_hmac_sha1_cipher is only included in the 64-bit versions of OpenSSL. This module has been tested successfully on Ubuntu 12.04 (64-bit) with the default OpenSSL 1.0.1c package.
Note
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source publication date Feb. 5, 2013
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/ssl/openssl_aesni.rb
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.9792
EPSS Score 0.54656
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:38:12.724739+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/1732-1/ 37.0.0