CVE-2012-2333

MEDIUM

Description

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

References

http://cvs.openssl.org/chngview?cn=22538

http://cvs.openssl.org/chngview?cn=22547

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html

http://marc.info/?l=bugtraq&m=134919053717161&w=2

http://marc.info/?l=bugtraq&m=136432043316835&w=2

http://rhn.redhat.com/errata/RHSA-2012-0699.html

http://rhn.redhat.com/errata/RHSA-2012-1306.html

http://rhn.redhat.com/errata/RHSA-2012-1307.html

http://rhn.redhat.com/errata/RHSA-2012-1308.html

http://secunia.com/advisories/49116

http://secunia.com/advisories/49208

http://secunia.com/advisories/49324

http://secunia.com/advisories/50768

http://secunia.com/advisories/51312

http://support.apple.com/kb/HT5784

http://www.cert.fi/en/reports/2012/vulnerability641549.html

http://www.debian.org/security/2012/dsa-2475

http://www.kb.cert.org/vuls/id/737740

http://www.mandriva.com/security/advisories?name=MDVSA-2012:073

http://www.openssl.org/news/secadv_20120510.txt

http://www.securityfocus.com/bid/53476

http://www.securitytracker.com/id?1027057

https://bugzilla.redhat.com/show_bug.cgi?id=820686

https://exchange.xforce.ibmcloud.com/vulnerabilities/75525

Details

Source: MITRE

Published: 2012-05-14

Updated: 2018-01-05

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM