#VU32808 Out-of-bounds read in OpenSSL - CVE-2012-2333

Cybersecurity Help s.r.o.

Published: 2012-05-15 | Updated: 2020-07-28

Vulnerability identifier: #VU32808

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-2333

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption,. A remote attacker can perform a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Mitigation
The vendor has issued the following versions to address this vulnerability: 0.9.8x, 1.0.1c.

Vulnerable software versions

OpenSSL: 0.9.0b, 0.9.1c - 0.9.1b, 0.9.2b, 0.9.3a - 0.9.3, 0.9.4, 0.9.5a - 0.9.5, 0.9.6g - 0.9.6-15, 0.9.7g - 0.9.7, 0.9.8g - 0.9.8p, 1.0.0k - 1.0.0p, 1.0.1a - 1.0.1

External links
https://cvs.openssl.org/chngview?cn=22538
https://cvs.openssl.org/chngview?cn=22547
https://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
https://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
https://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
https://marc.info/?l=bugtraq&m=134919053717161&w=2
https://marc.info/?l=bugtraq&m=136432043316835&w=2
https://rhn.redhat.com/errata/RHSA-2012-0699.html
https://rhn.redhat.com/errata/RHSA-2012-1306.html
https://rhn.redhat.com/errata/RHSA-2012-1307.html
https://rhn.redhat.com/errata/RHSA-2012-1308.html
https://secunia.com/advisories/49116
https://secunia.com/advisories/49208
https://secunia.com/advisories/49324
https://secunia.com/advisories/50768
https://secunia.com/advisories/51312
https://support.apple.com/kb/HT5784
https://www.cert.fi/en/reports/2012/vulnerability641549.html
https://www.debian.org/security/2012/dsa-2475
https://www.kb.cert.org/vuls/id/737740
https://www.mandriva.com/security/advisories?name=MDVSA-2012:073
https://www.openssl.org/news/secadv_20120510.txt
https://www.securityfocus.com/bid/53476
https://www.securitytracker.com/id?1027057
https://bugzilla.redhat.com/show_bug.cgi?id=820686
https://exchange.xforce.ibmcloud.com/vulnerabilities/75525

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in HP SSL for OpenVMS

Out-of-bounds read in HP-UX Running OpenSSL

Amazon Linux AMI update for openssl

SUSE Linux update for openssl

Out-of-bounds read in OpenSSL

Out-of-bounds read in openssl (Alpine package)