CVE-2012-2333

Priority
Medium
Description
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1
before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption,
allows remote attackers to cause a denial of service (buffer over-read) or
possibly have unspecified other impact via a crafted TLS packet that is not
properly handled during a certain explicit IV calculation.
References
Assigned-to
sbeattie
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): released (0.9.8o-7ubuntu3.2)
Ubuntu 14.04 LTS (Trusty Tahr): released (0.9.8o-7ubuntu3.2.14.04.1)
Package
Upstream: released (1.0.1c-1)
Ubuntu 12.04 LTS (Precise Pangolin): released (1.0.1-4ubuntu5.2)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.0.1-4ubuntu6)
Patches:
Vendor: http://www.debian.org/security/2012/dsa-2475
More Information

Updated: 2015-07-29 20:40:39 UTC (commit 9756)