Vulnerability Description
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte attack."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Call-Cc | Chicken | < 4.8.0 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/02/08/2 (Mailing List, Third Party Advisory)
- https://access.redhat.com/security/cve/cve-2012-6123 (Broken Link)
- https://security-tracker.debian.org/tracker/CVE-2012-6123 (Third Party Advisory)
FAQ
What is CVE-2012-6123?
CVE-2012-6123 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte attack."
How severe is CVE-2012-6123?
CVE-2012-6123 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-6123?
Check the references section above for vendor advisories and patch information. Affected products include: Call-Cc Chicken, Debian Debian Linux.