CVE-2012-2333
openssl - integer underflow
EPSS 6.8%
Description
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
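The flaw class named above is an unsigned subtraction on a peer-controlled length: TLS 1.1, TLS 1.2 and DTLS put an explicit IV at the front of every CBC record body, and the receiver discards it by advancing the data pointer and subtracting the block size from the record length. If the record body is shorter than one cipher block, that subtraction wraps to a value near SIZE_MAX and everything downstream (MAC check, padding check, delivery of plaintext) reads far past the buffer. The C below is a simplified model written for this page to show the vulnerable shape next to the hardened one; it is not OpenSSL's code, and the function names, the `AES_BLOCK` constant and the 8-byte and 48-byte sample records are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the explicit-IV strip performed on a decrypted TLS 1.1/1.2
 * or DTLS CBC record body. Illustrative only (not OpenSSL's code); the
 * one thing modelled faithfully is the arithmetic: record lengths are
 * unsigned, so "length - block_size" wraps when length < block_size.
 */

#define AES_BLOCK 16u  /* explicit IV length for an AES-CBC cipher suite */

/* Vulnerable shape: trust the peer's record length and subtract the IV
 * length unconditionally. For a body shorter than one block the result
 * wraps to near SIZE_MAX, and every later consumer of that length reads
 * beyond the record buffer. (The matching pointer advance would likewise
 * point past the end of the buffer; it is omitted here so the model never
 * forms an out-of-bounds pointer.) */
size_t strip_iv_unchecked(size_t body_len, size_t block_size)
{
    return body_len - block_size;   /* unsigned underflow when body_len < block_size */
}

/* Hardened shape: refuse the record before any pointer or length is
 * adjusted. Returns 1 and fills *payload/*payload_len on success, 0 when
 * the body cannot even hold an explicit IV; the caller must treat 0 as a
 * decryption failure (bad_record_mac), never as a usable length. */
int strip_iv_checked(const uint8_t *body, size_t body_len, size_t block_size,
                     const uint8_t **payload, size_t *payload_len)
{
    if (block_size == 0 || body_len < block_size)
        return 0;
    *payload = body + block_size;
    *payload_len = body_len - block_size;
    return 1;
}

/* A payload can never be longer than the record it came from; a length
 * that is tells you the subtraction wrapped. */
int length_is_wrapped(size_t payload_len, size_t body_len)
{
    return payload_len > body_len;
}

/* Experiment helper: run the checked strip over a zeroed body of
 * body_len bytes (at most 64) and return the payload length, or -1 when
 * the record is rejected. The body contents are irrelevant to the check. */
long checked_payload_len(size_t body_len)
{
    static uint8_t buf[64];   /* constructed zero-filled record body */
    const uint8_t *p;
    size_t n;
    if (body_len > sizeof buf)
        return -1;
    if (!strip_iv_checked(buf, body_len, AES_BLOCK, &p, &n))
        return -1;
    return (long)n;
}

int main(void)
{
    /* Constructed sample: an 8-byte body, shorter than the 16-byte block
     * that is supposed to hold the explicit IV. */
    size_t n = strip_iv_unchecked(8, AES_BLOCK);
    printf("unchecked: payload_len=%zu wrapped=%d\n", n, length_is_wrapped(n, 8));
    printf("checked:   8-byte body  -> %ld (rejected)\n", checked_payload_len(8));
    /* A well-formed 48-byte body (IV plus two ciphertext blocks) passes. */
    printf("checked:   48-byte body -> %ld\n", checked_payload_len(48));
    return 0;
}
```

The check has to sit before the length and pointer are touched; adding it after the subtraction, or only rejecting bodies whose length is not a block multiple, still lets a zero-length body through (0 is a multiple of every block size), which is exactly the case the arithmetic cannot survive.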
How to fix CVE-2012-2333
To remediate CVE-2012-2333, upgrade openssl to one of the fixed Debian package versions below (upstream, the fix is in 0.9.8x, 1.0.0j and 1.0.1c). Services that loaded the old library must be restarted after the upgrade, since a running process keeps the vulnerable code mapped until it is.
- Debian/openssl—upgrade to 1.0.1c-1 or later
- Debian/openssl—upgrade to 0.9.8o-4squeeze13 or later
Is CVE-2012-2333 being exploited?
Moderate: EPSS is 6.8%. Track this CVE, but it is not at the top of the prioritisation list. Note that the trigger is a single crafted record from a remote peer, so any OpenSSL endpoint (server or client) negotiating TLS 1.1, TLS 1.2 or DTLS with a CBC cipher suite is reachable without authentication; the confirmed impact is denial of service, with other impact unspecified.
Affected packages (2)
- Debian/openssl: from 0, < 1.0.1c-1
- Debian/openssl: from 0, < 0.9.8o-4squeeze13