CVE-2012-2333

CWE-189 CWE-190 — Integer Overflow10 documents8 sources

Severity

6.8MEDIUM

EPSS

6.8%

top 8.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Openssl Redhat Openssl

Timeline

PublishedMay 14

Latest updateMay 14

Description

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶Debianopenssl< 1.0.1c-1+3

▶NVDopenssl/openssl0.9.8w+70

▶NVDredhat/openssl0.9.6-15, 0.9.6b-3, 0.9.7a-2+2

🔴Vulnerability Details

GHSA

GHSA-45m2-xm5p-3949: Integer underflow in OpenSSL before 0↗2022-05-14

▶

CVEList

CVE-2012-2333: Integer underflow in OpenSSL before 0↗2012-05-14

▶

OSV

CVE-2012-2333: Integer underflow in OpenSSL before 0↗2012-05-14

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2012-05-24

▶

Red Hat

openssl: record length handling integer underflow↗2012-05-10

▶

Debian

CVE-2012-2333: openssl - Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 befor...↗2012

▶

💬Community

Bugzilla

CVE-2012-2333 openssl: record length handling integer underflow↗2012-05-10

▶

Bugzilla

CVE-2012-2333 openssl: record length handling integer underflow [fedora-all]↗2012-05-10

▶

Bugzilla

CVE-2012-2333 openssl: record length handling integer underflow [fedora-all]↗2012-05-10

▶