Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-2333

Опубликовано: 10 мая 2012
Источник: redhat
CVSS2: 5

Описание

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Отчет

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3 and 4. The openssl versions in Red Hat Enterprise Linux 5 and 6 were partially affected, as they support DTLS, but they do not support TLS 1.1 and TLS 1.2. This issue was addressed in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0699.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4opensslNot affected
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6openssl098eWill not fix
Red Hat JBoss Enterprise Web Server 1opensslAffected
Red Hat Enterprise Linux 5opensslFixedRHSA-2012:069929.05.2012
Red Hat Enterprise Linux 6opensslFixedRHSA-2012:069929.05.2012
Red Hat JBoss Enterprise Application Platform 5.1FixedRHSA-2012:130724.09.2012
Red Hat JBoss Enterprise Application Platform 6.0FixedRHSA-2012:130824.09.2012
Red Hat JBoss Web Server 1.0FixedRHSA-2012:130624.09.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=820686openssl: record length handling integer underflow

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-2333

ubuntu
почти 14 лет назад

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

nvd логотип

CVE-2012-2333

nvd
почти 14 лет назад

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

debian логотип

CVE-2012-2333

debian
почти 14 лет назад

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1 ...

github логотип

GHSA-45m2-xm5p-3949

github
почти 4 года назад

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

oracle-oval логотип

ELSA-2012-0699

oracle-oval
почти 14 лет назад

ELSA-2012-0699: openssl security and bug fix update (MODERATE)

5 Medium

CVSS2