CVE-2012-2686 | Vulnerability Database | Aqua Security

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	1.0.1 (including)	1.0.1 (including)
Openssl	Openssl	1.0.1a (including)	1.0.1a (including)
Openssl	Openssl	1.0.1b (including)	1.0.1b (including)
Openssl	Openssl	1.0.1c (including)	1.0.1c (including)
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	precise	*
Openssl	Ubuntu	quantal	*
Openssl	Ubuntu	upstream	*

References

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=125093b59f3c2a2d33785b5563d929d0472f1721
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2
http://secunia.com/advisories/55108
http://secunia.com/advisories/55139
http://support.apple.com/kb/HT5880
http://www.openssl.org/news/secadv_20130204.txt
http://www.securityfocus.com/bid/57755
https://bugzilla.redhat.com/show_bug.cgi?id=908029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18868
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19660
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-2686
CWE	https://cwe.mitre.org/data/definitions/310.html