
CVE-2012-2333

Date: (C)2012-05-14   (M)2017-08-29
 
CVSS Score: 6.8
Exploitability Subscore: 8.6
Impact Subscore: 6.4
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Reference:
SECTRACK-1027057
SECUNIA-49116
SECUNIA-49208
SECUNIA-49324
SECUNIA-50768
SECUNIA-51312
BID-53476
APPLE-SA-2013-06-04-1
DSA-2475
FEDORA-2012-18035
FEDORA-2012-7939
HPSBUX02814
IAVM:2013-A-0113
RHSA-2012:1306
RHSA-2012:1307
RHSA-2012:1308
SSRT100930
SSRT101108
VU#737740
http://cvs.openssl.org/chngview?cn=22538
http://cvs.openssl.org/chngview?cn=22547
http://support.apple.com/kb/HT5784
http://www.cert.fi/en/reports/2012/vulnerability641549.html
http://www.openssl.org/news/secadv_20120510.txt
https://bugzilla.redhat.com/show_bug.cgi?id=820686
openssl-tls-record-dos(75525)

CPE    99
cpe:/a:openssl:openssl:0.9.7:beta4
cpe:/a:openssl:openssl:0.9.7:beta5
cpe:/a:openssl:openssl:0.9.7:beta6
cpe:/a:redhat:openssl:0.9.7a-2
...
CWE    1
CWE-189
OVAL    16
oval:org.secpod.oval:def:302844
oval:org.secpod.oval:def:21274
oval:org.secpod.oval:def:1300056
oval:org.secpod.oval:def:20037
...

© 2013 SecPod Technologies