VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686
epss	0.54656	https://api.first.org/data/v1/epss?cve=CVE-2012-2686

System

Score

Found at

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

epss

0.54656

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2686.json
		https://api.first.org/data/v1/epss?cve=CVE-2012-2686
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
699889		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889
908029		https://bugzilla.redhat.com/show_bug.cgi?id=908029
USN-1732-1		https://usn.ubuntu.com/1732-1/

Reference id

Reference type

URL

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2686.json

https://api.first.org/data/v1/epss?cve=CVE-2012-2686

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686

699889

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889

908029

https://bugzilla.redhat.com/show_bug.cgi?id=908029

USN-1732-1

https://usn.ubuntu.com/1732-1/

Data source	Metasploit
Description	The AES-NI implementation of OpenSSL 1.0.1c does not properly compute the length of an encrypted message when used with a TLS version 1.1 or above. This leads to an integer underflow which can cause a DoS. The vulnerable function aesni_cbc_hmac_sha1_cipher is only included in the 64-bit versions of OpenSSL. This module has been tested successfully on Ubuntu 12.04 (64-bit) with the default OpenSSL 1.0.1c package.
Note	Stability: - crash-service-down SideEffects: [] Reliability: []
Ransomware campaign use	Unknown
Source publication date	Feb. 5, 2013
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/ssl/openssl_aesni.rb

Metasploit

The AES-NI implementation of OpenSSL 1.0.1c does not properly compute the length of an encrypted message when used with a TLS version 1.1 or above. This leads to an integer underflow which can cause a DoS. The vulnerable function aesni_cbc_hmac_sha1_cipher is only included in the 64-bit versions of OpenSSL. This module has been tested successfully on Ubuntu 12.04 (64-bit) with the default OpenSSL 1.0.1c package.

Stability:
  - crash-service-down
SideEffects: []
Reliability: []

Unknown

Feb. 5, 2013

https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/ssl/openssl_aesni.rb

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:38:12.724739+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/1732-1/	37.0.0

2025-07-31T08:38:12.724739+00:00

Ubuntu USN Importer

Import

https://usn.ubuntu.com/1732-1/

37.0.0

Vulnerability ID	VCID-54v3-3ha9-mfgk
Aliases	CVE-2012-2686
Summary
Status	Published
Exploitability	2.0
Weighted Severity	0.5
Risk	1.0
Affected and Fixed Packages	Package Details

Percentile	0.9792
EPSS Score	0.54656
Published At	July 30, 2025, 12:55 p.m.