Numeric Errors Affecting openssl package, versions >=1.0.0, <1.0.1
Snyk CVSS
- Attack Complexity: Low
- User Interaction: Required
Threat Intelligence
- EPSS: 5.27% (93rd percentile)
- Snyk ID SNYK-COCOAPODS-OPENSSL-470901
- published 2 Oct 2019
- disclosed 19 Apr 2012
- credit Unknown
Introduced: 19 Apr 2012
CVE-2012-2333
How to fix?
Upgrade OpenSSL to version 1.0.1 or higher.
Overview
OpenSSL is an SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.
Affected versions of this package are vulnerable to Numeric Errors. OpenSSL is vulnerable to denial of service (DoS) attacks and possibly other attacks. These attacks are possible because there is an integer underflow when TLS 1.1, TLS 1.2 or DTLS is used with CBC encryption.
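The class of bug described above, as an added illustration that is not OpenSSL's code: a simplified model of computing a CBC record's payload length, where the explicit per-record IV (one cipher block in TLS 1.1, TLS 1.2 and DTLS), the MAC and the padding-length byte are subtracted from a peer-supplied length. The function names, the AES block size and the HMAC-SHA1 MAC size are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdio.h>

#define BLOCK_SIZE 16u  /* assumed AES-CBC block; the explicit IV is one block */
#define MAC_SIZE   20u  /* assumed HMAC-SHA1 tag length */

/* Unchecked form (hypothetical helper): unsigned subtraction wraps to a
 * huge value when the record is shorter than IV + MAC + padding byte. */
static size_t max_payload_unchecked(size_t rec_len)
{
    return rec_len - BLOCK_SIZE - MAC_SIZE - 1u; /* 1 = padding-length byte */
}

/* Checked form (hypothetical helper): validate before subtracting.
 * Returns 0 and sets *out on success, -1 if the record must be rejected. */
static int max_payload_checked(size_t rec_len, size_t *out)
{
    /* CBC ciphertext must be a whole number of blocks. */
    if (rec_len % BLOCK_SIZE != 0)
        return -1;
    /* Must hold the explicit IV, the MAC and the padding-length byte. */
    if (rec_len < BLOCK_SIZE + MAC_SIZE + 1u)
        return -1;
    *out = rec_len - BLOCK_SIZE - MAC_SIZE - 1u;
    return 0;
}

int main(void)
{
    /* Constructed sample record lengths, not captured traffic. */
    const size_t samples[] = { 0, 16, 32, 48, 64 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        int rc = max_payload_checked(samples[i], &n);
        printf("len=%zu unchecked=%zu checked=%s\n",
               samples[i], max_payload_unchecked(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

A wrapped length that later feeds a copy, MAC computation or bounds calculation is what turns a short record into a crash, which is why the length check has to come before the subtraction.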
References
- Apple Security Advisory
- Apple Security Announcement
- Cert Vulnerability Note
- Debian Security Advisory
- Fedora Security Announcement
- Fedora Security Announcement
- HP Security Bulletin
- HP Security Bulletin
- http://cvs.openssl.org/chngview?cn=22538
- http://cvs.openssl.org/chngview?cn=22547
- http://www.cert.fi/en/reports/2012/vulnerability641549.html
- http://www.openssl.org/news/secadv_20120510.txt
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- RedHat Bugzilla Bug
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Security Focus
- Security Tracker
- X-force Vulnerability Report