CVE-2012-2333

Priority
Description
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1
before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption,
allows remote attackers to cause a denial of service (buffer over-read) or
possibly have unspecified other impact via a crafted TLS packet that is not
properly handled during a certain explicit IV calculation.
Assigned-to
sbeattie
Notes
Package
Upstream: released (1.0.1c-1)
Ubuntu 14.04 ESM (Trusty Tahr): released (1.0.1-4ubuntu6)
Patches:
Vendor: http://www.debian.org/security/2012/dsa-2475
Package
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [0.9.8o-7ubuntu3.2.14.04.1])
More Information

Updated: 2020-01-29 19:44:01 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)