Description
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
References (28)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53476
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49116
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=134919053717161&w=2
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51312
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1308.html
Vendor Advisory x_refsource_confirm
http://cvs.openssl.org/chngview?cn=22538
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1307.html
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=136432043316835&w=2
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5784
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49208
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/737740
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=820686
Vendor Advisory x_refsource_confirm
http://cvs.openssl.org/chngview?cn=22547
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1306.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50768
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49324
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75525
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20120510.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027057
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
Various Sources x_refsource_misc
http://www.cert.fi/en/reports/2012/vulnerability641549.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2475
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:073
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0699.html
Scores
EPSS: 0.0676
EPSS Percentile: 91.4%
Details
CWE: CWE-189
Status: published
Products (34)
openssl/openssl 0.9.1c
openssl/openssl 0.9.2b
openssl/openssl 0.9.3
openssl/openssl 0.9.3a
openssl/openssl 0.9.4
openssl/openssl 0.9.5 (3 CPE variants)
openssl/openssl 0.9.5a (3 CPE variants)
openssl/openssl 0.9.6 (4 CPE variants)
openssl/openssl 0.9.6a (4 CPE variants)
openssl/openssl 0.9.6b
... and 24 more
Published: May 14, 2012
Tracked Since: Feb 18, 2026