RedhatCVELIST:CVE-2012-2333CVE-2012-2333
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
References
cvs.openssl.org/chngview?cn=22538
cvs.openssl.org/chngview?cn=22547
lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
marc.info/?l=bugtraq&m=134919053717161&w=2
marc.info/?l=bugtraq&m=136432043316835&w=2
rhn.redhat.com/errata/RHSA-2012-0699.html
rhn.redhat.com/errata/RHSA-2012-1306.html
rhn.redhat.com/errata/RHSA-2012-1307.html
rhn.redhat.com/errata/RHSA-2012-1308.html
secunia.com/advisories/49116
secunia.com/advisories/49208
secunia.com/advisories/49324
secunia.com/advisories/50768
secunia.com/advisories/51312
support.apple.com/kb/HT5784
www.cert.fi/en/reports/2012/vulnerability641549.html
www.debian.org/security/2012/dsa-2475
www.kb.cert.org/vuls/id/737740
www.mandriva.com/security/advisories?name=MDVSA-2012:073
www.openssl.org/news/secadv_20120510.txt
www.securityfocus.com/bid/53476
www.securitytracker.com/id?1027057
bugzilla.redhat.com/show_bug.cgi?id=820686
exchange.xforce.ibmcloud.com/vulnerabilities/75525
Related
