PT-2013-1203 · Openssl+1 · Openssl+1

Vincent Danen

Published

2013-02-08

Updated

2024-06-15

CVE-2012-2686

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.1d OpenSSL versions prior to 1.0.0j OpenSSL versions prior to 0.9.8y

Description The issue affects the AES-NI functionality in the TLS 1.1 and 1.2 implementations, allowing remote attackers to cause a denial of service via crafted CBC data. Multiple vulnerabilities in the OpenSSL package can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations For versions prior to 1.0.1d, update to version 1.0.1d or later. For versions prior to 1.0.0j, update to version 1.0.0j or later. For versions prior to 0.9.8y, update to version 0.9.8y or later.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

BDU:2015-09677

CVE-2012-2686

HPSBUX02909

OPENSUSE-SU-2024:10271-1

OPENSUSE-SU-2024:10529-1

OPENSUSE-SU-2024:11127-1

SUSE-FU-2022:0445-1

Affected Products

Hp-Ux

Openssl

PT-2013-1203 · Openssl+1 · Openssl+1

CVE-2012-2686

Weakness Enumeration

Related Identifiers

Affected Products

References · 157