1. Home
  2. CVE Database
  3. CVE-2012-2333
MEDIUM · 6.8

CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of servi...

Vulnerability Description

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
OpensslOpenssl<= 0.9.8w
RedhatOpenssl0.9.6-15

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2012-2333?

CVE-2012-2333 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of servi...

How severe is CVE-2012-2333?

CVE-2012-2333 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2333?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Redhat Openssl.