Lucene search

[email protected]NVD:CVE-2012-2333

HistoryMay 14, 2012 - 10:55 p.m.

CVE-2012-2333

2012-05-1422:55:03

CWE-189

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Affected configurations

NVD

Node

opensslopensslRange≤0.9.8w

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.3

opensslopensslMatch0.9.3a

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5beta1

opensslopensslMatch0.9.5beta2

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.5abeta1

opensslopensslMatch0.9.5abeta2

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6beta1

opensslopensslMatch0.9.6beta2

opensslopensslMatch0.9.6beta3

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6abeta1

opensslopensslMatch0.9.6abeta2

opensslopensslMatch0.9.6abeta3

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7beta1

opensslopensslMatch0.9.7beta2

opensslopensslMatch0.9.7beta3

opensslopensslMatch0.9.7beta4

opensslopensslMatch0.9.7beta5

opensslopensslMatch0.9.7beta6

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.7m

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

opensslopensslMatch0.9.8k

opensslopensslMatch0.9.8l

opensslopensslMatch0.9.8m

opensslopensslMatch0.9.8mbeta1

opensslopensslMatch0.9.8n

opensslopensslMatch0.9.8o

opensslopensslMatch0.9.8p

opensslopensslMatch0.9.8q

opensslopensslMatch0.9.8r

opensslopensslMatch0.9.8s

opensslopensslMatch0.9.8t

opensslopensslMatch0.9.8u

opensslopensslMatch0.9.8v

redhatopensslMatch0.9.6-15

redhatopensslMatch0.9.6b-3

redhatopensslMatch0.9.7a-2

Node

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

opensslopensslMatch1.0.0d

opensslopensslMatch1.0.0e

opensslopensslMatch1.0.0f

opensslopensslMatch1.0.0g

opensslopensslMatch1.0.0h

Node

opensslopensslMatch1.0.1

opensslopensslMatch1.0.1beta1

opensslopensslMatch1.0.1beta2

opensslopensslMatch1.0.1beta3

opensslopensslMatch1.0.1a

opensslopensslMatch1.0.1b

References

cvs.openssl.org/chngview?cn=22538

cvs.openssl.org/chngview?cn=22547

lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html

lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html

marc.info/?l=bugtraq&m=134919053717161&w=2

marc.info/?l=bugtraq&m=136432043316835&w=2

rhn.redhat.com/errata/RHSA-2012-0699.html

rhn.redhat.com/errata/RHSA-2012-1306.html

rhn.redhat.com/errata/RHSA-2012-1307.html

rhn.redhat.com/errata/RHSA-2012-1308.html

secunia.com/advisories/49116

secunia.com/advisories/49208

secunia.com/advisories/49324

secunia.com/advisories/50768

secunia.com/advisories/51312

support.apple.com/kb/HT5784

www.cert.fi/en/reports/2012/vulnerability641549.html

www.debian.org/security/2012/dsa-2475

www.kb.cert.org/vuls/id/737740

www.mandriva.com/security/advisories?name=MDVSA-2012:073

www.openssl.org/news/secadv_20120510.txt

www.securityfocus.com/bid/53476

www.securitytracker.com/id?1027057

bugzilla.redhat.com/show_bug.cgi?id=820686

exchange.xforce.ibmcloud.com/vulnerabilities/75525

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

Related for NVD:CVE-2012-2333

nessus29 openvas32 altlinux5 cve2 ibm8 openssl1 fedora5 securityvulns2 prion2 freebsd1 suse3 ubuntucve1 f52 cvelist2 veracode2 amazon1 debian1 debiancve1 oraclelinux5 ubuntu1 centos1 nvd1 redhat4 aix1 gentoo1 cert1 lenovo2