CVE-2012-2333 Information

Description

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Reference

http://cvs.openssl.org/chngview?cn=22538
http://cvs.openssl.org/chngview?cn=22547
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
http://marc.info/?l=bugtraq&m=134919053717161&w=2
http://marc.info/?l=bugtraq&m=136432043316835&w=2
http://rhn.redhat.com/errata/RHSA-2012-0699.html
http://rhn.redhat.com/errata/RHSA-2012-1306.html
http://rhn.redhat.com/errata/RHSA-2012-1307.html
http://rhn.redhat.com/errata/RHSA-2012-1308.html
http://secunia.com/advisories/49116
http://secunia.com/advisories/49208
http://secunia.com/advisories/49324
http://secunia.com/advisories/50768
http://secunia.com/advisories/51312
http://support.apple.com/kb/HT5784
http://www.cert.fi/en/reports/2012/vulnerability641549.html
http://www.debian.org/security/2012/dsa-2475
http://www.kb.cert.org/vuls/id/737740
http://www.mandriva.com/security/advisories?name=MDVSA-2012:073
http://www.openssl.org/news/secadv_20120510.txt
http://www.securityfocus.com/bid/53476
http://www.securitytracker.com/id?1027057
https://bugzilla.redhat.com/show_bug.cgi?id=820686
https://exchange.xforce.ibmcloud.com/vulnerabilities/75525