Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-2686
HistoryFeb 08, 2013 - 12:00 a.m.

CVE-2012-2686

2013-02-0800:00:00
ubuntu.com
ubuntu.com
13

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.183 Low

EPSS

Percentile

96.2%

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1
and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote
attackers to cause a denial of service (application crash) via crafted CBC
data.

Bugs

Notes

Author Note
jdstrand only 1.0.1
mdeslaur fix included in CVE-2013-0169 patches fix reverted in usn-1732-2 because of regression
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchopenssl< 1.0.1-4ubuntu5.8UNKNOWN
ubuntu12.10noarchopenssl< 1.0.1c-3ubuntu2.3UNKNOWN

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.183 Low

EPSS

Percentile

96.2%