CVE-2012-2333
Published: 14 May 2012
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Priority
Status
Package | Release | Status |
---|---|---|
openssl (Launchpad, Ubuntu, Debian) | hardy | Released (0.9.8g-4ubuntu3.19) |
openssl | upstream | Released (1.0.1c-1) |
openssl | lucid | Released (0.9.8k-7ubuntu8.13) |
openssl | natty | Released (0.9.8o-5ubuntu1.7) |
openssl | oneiric | Released (1.0.0e-2ubuntu4.6) |
openssl | precise | Released (1.0.1-4ubuntu5.2) |
openssl | quantal | Released (1.0.1-4ubuntu6) |
openssl | raring | Released (1.0.1-4ubuntu6) |
openssl | saucy | Released (1.0.1-4ubuntu6) |
openssl | trusty | Released (1.0.1-4ubuntu6) |

Patches (openssl): vendor: http://www.debian.org/security/2012/dsa-2475

Package | Release | Status |
---|---|---|
openssl098 (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
openssl098 | lucid | Does not exist |
openssl098 | natty | Does not exist |
openssl098 | oneiric | Ignored (end of life) |
openssl098 | precise | Released (0.9.8o-7ubuntu3.2) |
openssl098 | quantal | Ignored (end of life) |
openssl098 | raring | Ignored (end of life) |
openssl098 | saucy | Released (0.9.8o-7ubuntu3.2.13.10.1) |
openssl098 | trusty | Released (0.9.8o-7ubuntu3.2.14.04.1) |
openssl098 | upstream | Needs triage |