FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-2686

This CVE name corresponds to:

Entered Topic
2013-02-06 OpenSSL -- TLS 1.1, 1.2 denial of service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-2686
Phase Assigned (20120514)

Description

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

References

Source Reference
CONFIRM http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721
CONFIRM http://www.openssl.org/news/secadv_20130204.txt
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=908029
CONFIRM http://support.apple.com/kb/HT5880
APPLE APPLE-SA-2013-09-12-1
HP HPSBUX02909
HP SSRT101289
BID 57755
OVAL oval:org.mitre.oval:def:18868
OVAL oval:org.mitre.oval:def:19660
SECUNIA 55108
SECUNIA 55139