debian · CVE-2012-3523

Quick triage

Priority: low 公開: Updated: Mon, 06 Jul 2026 01:00:57 GMT

参照: Official debian advisory, NVD, CVE.org · CVE 詳細

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2012-3523 low priority: Debian including 2 source packages (inn, inn2), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10.

Description:

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

cvelogic Threat Intelligence