CVE-2012-2333

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2012-2333

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-2333.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2012-2333

Related

Published

2012-05-14T22:55:03Z

Modified

2024-09-18T01:00:20Z

Summary

[none]

Details

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

References

Affected packages

Debian:11 / openssl

Package

Name: openssl
Purl: pkg:deb/debian/openssl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1c-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openssl

Package

Name: openssl
Purl: pkg:deb/debian/openssl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1c-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssl

Package

Name: openssl
Purl: pkg:deb/debian/openssl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1c-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}