The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
Conclusion & alert: CVE-2012-2143 is rated Moderate Risk (52.2/100): CVSS Medium severity, with high exploitation likelihood (EPSS 5.73%, 92th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +2.74% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 3.00% | 5.73% | +2.74% |
| 2 | 2026-02-01 | 6.53% | 3.00% | -3.53% |
| 3 | 2026-01-21 | — | 6.53% | — |
Full EPSS history (18 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.3 | 2.0 | MEDIUM |
|
8.6 | 2.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
gentoo
|
normal | CVE-2012-2143: 2 GLSA(s) (201209-03, 201209-24), 2 atom(s) (dev-db/postgresql-server, dev-lang/php); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2012-2143 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2012-2143 |
ubuntu
|
medium | CVE-2012-2143 medium priority: Ubuntu including 5 source packages (php5, postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1), 41 status rows across 9 suites (hardy, lucid, maverick, natty, oneiric, precise, quantal, raring, upstream): DNE 18, released 13, not-affected 5, ignored 3, needs-triage 2. | https://ubuntu.com/security/CVE-2012-2143 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| postgresql | postgresql | >= 8.3, < 8.3.19 | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
| postgresql | postgresql | >= 8.4, < 8.4.12 | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
| postgresql | postgresql | >= 9.0, < 9.0.8 | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
| postgresql | postgresql | >= 9.1, < 9.1.4 | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
| freebsd | freebsd | <= 9.0 | cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* |
| freebsd | freebsd | 1.0 | cpe:2.3:o:freebsd:freebsd:1.0:*:*:*:*:*:*:* |
| freebsd | freebsd | 1.1 | cpe:2.3:o:freebsd:freebsd:1.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 1.1.5 | cpe:2.3:o:freebsd:freebsd:1.1.5:*:*:*:*:*:*:* |
| freebsd | freebsd | 1.1.5.1 | cpe:2.3:o:freebsd:freebsd:1.1.5.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.0 | cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.0.5 | cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.1 | cpe:2.3:o:freebsd:freebsd:2.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.1.5 | cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.1.6 | cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.1.7 | cpe:2.3:o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.2 | cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.2.1 | cpe:2.3:o:freebsd:freebsd:2.2.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.2.2 | cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.2.5 | cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.2.6 | cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.2.7 | cpe:2.3:o:freebsd:freebsd:2.2.7:*:*:*:*:*:*:* |
| freebsd | freebsd | 2.2.8 | cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:* |
| freebsd | freebsd | 3.0 | cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:* |
| freebsd | freebsd | 3.1 | cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 3.2 | cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:* |
| freebsd | freebsd | 3.3 | cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:* |
| freebsd | freebsd | 3.4 | cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:* |
| freebsd | freebsd | 3.5 | cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.0 | cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.1 | cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.1.1 | cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.2 | cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.3 | cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.4 | cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.5 | cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.6 | cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.6.2 | cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.7 | cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.8 | cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.9 | cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.10 | cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:* |
| freebsd | freebsd | 4.11 | cpe:2.3:o:freebsd:freebsd:4.11:*:*:*:*:*:*:* |
| freebsd | freebsd | 5.0 | cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:* |
| freebsd | freebsd | 5.1 | cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 5.2 | cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:* |
| freebsd | freebsd | 5.2.1 | cpe:2.3:o:freebsd:freebsd:5.2.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 5.3 | cpe:2.3:o:freebsd:freebsd:5.3:*:*:*:*:*:*:* |
| freebsd | freebsd | 5.4 | cpe:2.3:o:freebsd:freebsd:5.4:*:*:*:*:*:*:* |
| freebsd | freebsd | 5.5 | cpe:2.3:o:freebsd:freebsd:5.5:*:*:*:*:*:*:* |
| freebsd | freebsd | 6.0 | cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:* |
| freebsd | freebsd | 6.1 | cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 6.2 | cpe:2.3:o:freebsd:freebsd:6.2:*:*:*:*:*:*:* |
| freebsd | freebsd | 6.3 | cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:* |
| freebsd | freebsd | 6.4 | cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:* |
| freebsd | freebsd | 7.0 | cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:* |
| freebsd | freebsd | 7.1 | cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 7.2 | cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:* |
| freebsd | freebsd | 7.3 | cpe:2.3:o:freebsd:freebsd:7.3:*:*:*:*:*:*:* |
| freebsd | freebsd | 7.4 | cpe:2.3:o:freebsd:freebsd:7.4:*:*:*:*:*:*:* |
| freebsd | freebsd | 8.0 | cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:* |
| freebsd | freebsd | 8.1 | cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:* |
| freebsd | freebsd | 8.2 | cpe:2.3:o:freebsd:freebsd:8.2:*:*:*:*:*:*:* |
| freebsd | freebsd | 8.3 | cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:* |
| php | php | < 5.3.14 | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* |
| php | php | >= 5.4.0, < 5.4.4 | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* |
| debian | debian_linux | 6.0 | cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* |