Published: 14/05/2012 Updated: 05/01/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Integer underflow in OpenSSL prior to 0.9.8x, 1.0.0 prior to 1.0.0j, and 1.0.1 prior to 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote malicious users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl 0.9.8m
openssl openssl 0.9.8g
openssl openssl 0.9.8f
openssl openssl 0.9.8p
openssl openssl 0.9.8h
openssl openssl
openssl openssl 0.9.8v
openssl openssl 0.9.8q
openssl openssl 0.9.8o
openssl openssl 0.9.8i
openssl openssl 0.9.8j
openssl openssl 0.9.7
openssl openssl 0.9.7d
openssl openssl 0.9.7g
openssl openssl 0.9.7j
openssl openssl 0.9.6
openssl openssl 0.9.6b
openssl openssl 0.9.6e
redhat openssl 0.9.6-15
openssl openssl 0.9.8u
openssl openssl 0.9.8t
openssl openssl 0.9.8s
openssl openssl 0.9.8l
openssl openssl 0.9.8
openssl openssl 0.9.8a
redhat openssl 0.9.7a-2
openssl openssl 0.9.7e
openssl openssl 0.9.7b
openssl openssl 0.9.7k
openssl openssl 0.9.7l
openssl openssl 0.9.6g
openssl openssl 0.9.6d
openssl openssl 0.9.6k
openssl openssl 0.9.5a
openssl openssl 0.9.1c
openssl openssl 0.9.8e
openssl openssl 0.9.8c
openssl openssl 0.9.7m
openssl openssl 0.9.7c
openssl openssl 0.9.7h
openssl openssl 0.9.6a
openssl openssl 0.9.6f
openssl openssl 0.9.6i
openssl openssl 0.9.6j
openssl openssl 0.9.6m
openssl openssl 0.9.5
openssl openssl 0.9.3a
openssl openssl 0.9.3
openssl openssl 0.9.2b
openssl openssl 0.9.8n
openssl openssl 0.9.8r
openssl openssl 0.9.8k
openssl openssl 0.9.8b
openssl openssl 0.9.8d
openssl openssl 0.9.7a
openssl openssl 0.9.7i
openssl openssl 0.9.7f
openssl openssl 0.9.6h
openssl openssl 0.9.6c
openssl openssl 0.9.6l
redhat openssl 0.9.6b-3
openssl openssl 0.9.4
openssl openssl 1.0.0a
openssl openssl 1.0.0b
openssl openssl 1.0.0
openssl openssl 1.0.0c
openssl openssl 1.0.0d
openssl openssl 1.0.0g
openssl openssl 1.0.0h
openssl openssl 1.0.0e
openssl openssl 1.0.0f
openssl openssl 1.0.1
openssl openssl 1.0.1a
openssl openssl 1.0.1b

Synopsis Moderate: openssl security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix one security issue and one bug are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity im ...

Debian Bug report logs - #672452 CVE-2012-2333: OpenSSL invalid TLS/DTLS record attack Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@listsaliothdebianorg>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Fri, 11 May 2012 07: ...

Applications using OpenSSL in certain situations could be made to crash or expose sensitive information ...

It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 11, 12, and DTLS An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash) For the stable distribution (squeeze), this problem has been fixe ...

An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode A malicious DTLS client or server could use this flaw to crash its DTLS connection peer (CVE-2012-2333) ...

CWE-189 http://cvs.openssl.org/chngview?cn=22547 http://cvs.openssl.org/chngview?cn=22538 http://www.cert.fi/en/reports/2012/vulnerability641549.html https://bugzilla.redhat.com/show_bug.cgi?id=820686 http://www.openssl.org/news/secadv_20120510.txt http://www.securityfocus.com/bid/53476 http://secunia.com/advisories/49116 http://www.debian.org/security/2012/dsa-2475 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html http://secunia.com/advisories/49324 http://secunia.com/advisories/49208 http://www.securitytracker.com/id?1027057 http://rhn.redhat.com/errata/RHSA-2012-1306.html http://rhn.redhat.com/errata/RHSA-2012-1307.html http://rhn.redhat.com/errata/RHSA-2012-1308.html http://marc.info/?l=bugtraq&m=134919053717161&w=2 http://secunia.com/advisories/50768 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 http://secunia.com/advisories/51312 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://www.kb.cert.org/vuls/id/737740 http://marc.info/?l=bugtraq&m=136432043316835&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/75525 http://www.mandriva.com/security/advisories?name=MDVSA-2012:073 http://rhn.redhat.com/errata/RHSA-2012-0699.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html https://access.redhat.com/errata/RHSA-2012:0699 https://usn.ubuntu.com/1451-1/https://nvd.nist.gov https://www.kb.cert.org/vuls/id/737740

CVE-2012-2333

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect