CVE-2012-2333

High

Description

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/75525

https://bugzilla.redhat.com/show_bug.cgi?id=820686

http://www.securitytracker.com/id?1027057

http://www.securityfocus.com/bid/53476

http://www.openssl.org/news/secadv_20120510.txt

http://www.mandriva.com/security/advisories?name=MDVSA-2012:073

http://www.kb.cert.org/vuls/id/737740

http://www.debian.org/security/2012/dsa-2475

http://www.cert.fi/en/reports/2012/vulnerability641549.html

http://support.apple.com/kb/HT5784

http://secunia.com/advisories/51312

http://secunia.com/advisories/50768

http://secunia.com/advisories/49324

http://secunia.com/advisories/49208

http://secunia.com/advisories/49116

http://rhn.redhat.com/errata/RHSA-2012-1308.html

http://rhn.redhat.com/errata/RHSA-2012-1307.html

http://rhn.redhat.com/errata/RHSA-2012-1306.html

http://rhn.redhat.com/errata/RHSA-2012-0699.html

http://marc.info/?l=bugtraq&m=136432043316835&w=2

http://marc.info/?l=bugtraq&m=134919053717161&w=2

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

http://cvs.openssl.org/chngview?cn=22547

http://cvs.openssl.org/chngview?cn=22538

Details

Source: Mitre, NVD

Published: 2012-05-14

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High