Описание
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Отчет
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3 and 4. The openssl versions in Red Hat Enterprise Linux 5 and 6 were partially affected, as they support DTLS, but they do not support TLS 1.1 and TLS 1.2. This issue was addressed in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0699.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 3 | openssl | Not affected | ||
| Red Hat Enterprise Linux 4 | openssl | Not affected | ||
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | ||
| Red Hat Enterprise Linux 6 | openssl098e | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | openssl | Affected | ||
| Red Hat Enterprise Linux 5 | openssl | Fixed | RHSA-2012:0699 | 29.05.2012 |
| Red Hat Enterprise Linux 6 | openssl | Fixed | RHSA-2012:0699 | 29.05.2012 |
| Red Hat JBoss Enterprise Application Platform 5.1 | Fixed | RHSA-2012:1307 | 24.09.2012 | |
| Red Hat JBoss Enterprise Application Platform 6.0 | Fixed | RHSA-2012:1308 | 24.09.2012 | |
| Red Hat JBoss Web Server 1.0 | Fixed | RHSA-2012:1306 | 24.09.2012 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1 ...
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
ELSA-2012-0699: openssl security and bug fix update (MODERATE)
EPSS
5 Medium
CVSS2