Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-76r1-sn8n-97cp
Vulnerability ID VCID-76r1-sn8n-97cp
Aliases CVE-2012-4929
Summary The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
Status Published
Exploitability 0.5
Weighted Severity 0.1
Risk 0.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.08487 https://api.first.org/data/v1/epss?cve=CVE-2012-4929
epss 0.08487 https://api.first.org/data/v1/epss?cve=CVE-2012-4929
epss 0.08487 https://api.first.org/data/v1/epss?cve=CVE-2012-4929
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4929.json
https://api.first.org/data/v1/epss?cve=CVE-2012-4929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
689936 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689936
700399 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700399
700426 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700426
727197 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727197
728055 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728055
857051 https://bugzilla.redhat.com/show_bug.cgi?id=857051
GLSA-201309-12 https://security.gentoo.org/glsa/201309-12
RHSA-2013:0587 https://access.redhat.com/errata/RHSA-2013:0587
RHSA-2013:0636 https://access.redhat.com/errata/RHSA-2013:0636
RHSA-2014:0416 https://access.redhat.com/errata/RHSA-2014:0416
USN-1627-1 https://usn.ubuntu.com/1627-1/
USN-1628-1 https://usn.ubuntu.com/1628-1/
USN-1898-1 https://usn.ubuntu.com/1898-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.9251
EPSS Score 0.08487
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:27:44.663078+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0