Vulnonym.com

CVE-2012-2333 - Predisposed Factors

Description

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Reference

http://cvs.openssl.org/chngview?cn=22547
http://cvs.openssl.org/chngview?cn=22538
http://www.cert.fi/en/reports/2012/vulnerability641549.html
https://bugzilla.redhat.com/show_bug.cgi?id=820686
http://www.openssl.org/news/secadv_20120510.txt
http://www.securityfocus.com/bid/53476
http://secunia.com/advisories/49116
http://www.debian.org/security/2012/dsa-2475
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
http://secunia.com/advisories/49324
http://secunia.com/advisories/49208
http://www.securitytracker.com/id?1027057
http://rhn.redhat.com/errata/RHSA-2012-1306.html
http://rhn.redhat.com/errata/RHSA-2012-1307.html
http://rhn.redhat.com/errata/RHSA-2012-1308.html
http://marc.info/?l=bugtraq&m=134919053717161&w=2
http://secunia.com/advisories/50768
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://support.apple.com/kb/HT5784
http://secunia.com/advisories/51312
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
http://www.kb.cert.org/vuls/id/737740
http://marc.info/?l=bugtraq&m=136432043316835&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/75525
http://www.mandriva.com/security/advisories?name=MDVSA-2012:073
http://rhn.redhat.com/errata/RHSA-2012-0699.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html