UBUNTU-CVE-2012-2333

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2012-2333

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-2333.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2012-2333

Related

CVE-2012-2333
USN-1451-1

Published

2012-05-14T00:00:00Z

Modified

2012-05-14T00:00:00Z

Summary

[none]

Details

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

References

Affected packages

Ubuntu:14.04:LTS / openssl098

Package

Name: openssl098
Purl: pkg:deb/ubuntu/openssl098@0.9.8o-7ubuntu3.2.14.04.1?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.8o-7ubuntu3.2.14.04.1

Affected versions

0.*

0.9.8o-7ubuntu3.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libcrypto0.9.8-udeb": "0.9.8o-7ubuntu3.2.14.04.1",
            "libssl0.9.8-dbg": "0.9.8o-7ubuntu3.2.14.04.1",
            "libssl0.9.8": "0.9.8o-7ubuntu3.2.14.04.1"
        }
    ]
}