PRIOn knowledge basePRION:CVE-2012-2333Integer overflow
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openssl | eq | 0.9.7 beta5 | |
| openssl | eq | 0.9.7 beta3 | |
| openssl | eq | 0.9.5a beta2 | |
| openssl | eq | 0.9.7 beta6 | |
| openssl | eq | 0.9.898 | |
| openssl | eq | 0.9.7108 | |
| openssl | eq | 0.9.6105 | |
| openssl | eq | 0.9.8109 | |
| openssl | eq | 0.9.3 | |
| openssl | eq | 0.9.899 |
References
lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
rhn.redhat.com/errata/RHSA-2012-0699.html
rhn.redhat.com/errata/RHSA-2012-1306.html
rhn.redhat.com/errata/RHSA-2012-1307.html
rhn.redhat.com/errata/RHSA-2012-1308.html
secunia.com/advisories/49116
secunia.com/advisories/49208
secunia.com/advisories/49324
secunia.com/advisories/50768
secunia.com/advisories/51312
support.apple.com/kb/HT5784
www.cert.fi/en/reports/2012/vulnerability641549.html
www.debian.org/security/2012/dsa-2475
www.kb.cert.org/vuls/id/737740
www.mandriva.com/security/advisories?name=MDVSA-2012:073
www.securityfocus.com/bid/53476
www.securitytracker.com/id?1027057
bugzilla.redhat.com/show_bug.cgi?id=820686
cvs.openssl.org/chngview?cn=22538
cvs.openssl.org/chngview?cn=22547
exchange.xforce.ibmcloud.com/vulnerabilities/75525
lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
marc.info/?l=bugtraq&m=134919053717161&w=2
marc.info/?l=bugtraq&m=136432043316835&w=2
www.openssl.org/news/secadv_20120510.txt
Related
