CVE Vulnerabilities

CVE-2012-2686

Published: Feb 08, 2013 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

Affected Software

Name Vendor Start Version End Version
Openssl Openssl 1.0.1c 1.0.1c
Openssl Openssl 1.0.1a 1.0.1a
Openssl Openssl 1.0.1b 1.0.1b
Openssl Openssl 1.0.1 1.0.1

References