Lucene search

K
ubuntuUbuntuUSN-1451-1
HistoryMay 24, 2012 - 12:00 a.m.

OpenSSL vulnerabilities

2012-05-2400:00:00
ubuntu.com
43

8.5 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.0%

Releases

  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04
  • Ubuntu 8.04

Packages

  • openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

Ivan Nestlerode discovered that the Cryptographic Message Syntax
(CMS) and PKCS #7 implementations in OpenSSL returned early if RSA
decryption failed. This could allow an attacker to expose sensitive
information via a Million Message Attack (MMA). (CVE-2012-0884)

It was discovered that an integer underflow was possible when using
TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a
remote attacker to cause a denial of service. (CVE-2012-2333)

Rows per page:
1-10 of 291