CVE-2012-2686

Severity

50%

Complexity

99%

Confidentiality

48%

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 12 years ago

2013-02-08 19:55:00

Last updated 6 years ago

2018-08-09 01:29:00

Affected Software

OpenSSL Project OpenSSL 1.0.1

1.0.1

OpenSSL Project OpenSSL 1.0.1a

1.0.1a

OpenSSL Project OpenSSL 1.0.1b

1.0.1b

OpenSSL Project OpenSSL 1.0.1c

1.0.1c

References

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721

Patch

APPLE-SA-2013-09-12-1

SSRT101289

55108

55139

http://support.apple.com/kb/HT5880

http://www.openssl.org/news/secadv_20130204.txt

Vendor Advisory

57755

https://bugzilla.redhat.com/show_bug.cgi?id=908029

oval:org.mitre.oval:def:18868

oval:org.mitre.oval:def:19660

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.