Home > Vulnerability Database > CVE-2012-2333

Mend.io Vulnerability Database

CVE-2012-2333

Good to know:

Date: May 14, 2012

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Language: C

Severity Score

5.6

Related Resources (33)

Url: https://security-tracker.debian.org/tracker/CVE-2012-2333

Url: http://www.securityfocus.com/bid/53476

Url: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html

Url: http://www.openssl.org/news/secadv_20120510.txt

Url: http://rhn.redhat.com/errata/RHSA-2012-1307.html

Url: http://secunia.com/advisories/51312

Url: http://secunia.com/advisories/50768

Url: http://secunia.com/advisories/49208

Url: http://rhn.redhat.com/errata/RHSA-2012-1308.html

Url: http://rhn.redhat.com/errata/RHSA-2012-0699.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

Url: http://cvs.openssl.org/chngview?cn=22538

Url: http://secunia.com/advisories/49324

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2012:073

Url: http://marc.info/?l=bugtraq&m=136432043316835&w=2

Url: http://www.debian.org/security/2012/dsa-2475

Url: https://access.redhat.com/security/cve/CVE-2012-2333

Url: http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

Url: http://www.cert.fi/en/reports/2012/vulnerability641549.html

Url: http://support.apple.com/kb/HT5784

Url: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=820686

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-2333

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-2333

Url: http://www.kb.cert.org/vuls/id/737740

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html

Url: http://marc.info/?l=bugtraq&m=134919053717161&w=2

Url: http://www.securitytracker.com/id?1027057

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/75525

Url: http://secunia.com/advisories/49116

Url: http://cvs.openssl.org/chngview?cn=22547

Url: http://rhn.redhat.com/errata/RHSA-2012-1306.html

Url: https://www.mend.io/vulnerability-database/CVE-2012-2333

Severity Score

5.6

Weakness Type (CWE)

Numeric Errors

CWE-189

Top Fix

Upgrade Version

Upgrade to version 0.9.8x,1.0.0j,1.0.1c

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-2333

Good to know:

Date: May 14, 2012

Language: C

Severity Score

Related Resources (33)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?