Rapid7 Vulnerability & Exploit Database

USN-1451-1: OpenSSL vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

USN-1451-1: OpenSSL vulnerabilities

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

05/14/2012

Created

07/25/2018

Added

05/06/2013

Modified

07/09/2020

Description

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Solution(s)

ubuntu-upgrade-libssl0-9-8
ubuntu-upgrade-libssl1-0-0
ubuntu-upgrade-openssl

References

https://attackerkb.com/topics/cve-2012-0884
APPLE-SA-2013-06-04-1
53476
737740
CVE - 2012-0884
CVE - 2012-2333
DSA-2454
DSA-2475
RHSA-2012:0488
RHSA-2012:0531
RHSA-2012:1306
RHSA-2012:1307
RHSA-2012:1308
USN-1451-1
75525

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;