U-167: OpenSSL Invalid TLS/DTLS Record Processing Lets Remote Users Deny Service

May 11, 2012 - 7:00am

PROBLEM:

OpenSSL Invalid TLS/DTLS Record Processing Lets Remote Users Deny Service

PLATFORM:

OpenSSL versions prior to 0.9.8x, 1.0.0j, and 1.0.1c

ABSTRACT:

A vulnerability was reported in OpenSSL. A remote user can cause denial of service conditions.

REFERENCE LINKS:

SecurityTracker Alert ID: 1027057
CVE-2012-2333
OpenSSL Advisory

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user can send specially crafted TLS/DTLS records to cause denial of service conditions. The CBC mode ciphersuites in TLS 1.1, TLS 1.2 and DTLS are affected, in both clients and servers.

DTLS is affected in all versions of OpenSSL. TLS is affected in OpenSSL version 1.0.1 and later.

IMPACT:

A remote user can cause denial of service conditions.

SOLUTION:

The vendor has issued a fix (0.9.8x, 1.0.0j, 1.0.1c).
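To triage hosts against the fixed releases above, the following added example (not part of the original bulletin or of OpenSSL) parses an upstream OpenSSL version string and reports which protocols remain exposed. The names `assess`, `letter_rank` and `FIXED` are hypothetical, and the sample strings are constructed; it assumes the string reflects an unmodified upstream release.

```python
import re

# Fixed release letter per branch, taken from the advisory text.
FIXED = {(0, 9, 8): "x", (1, 0, 0): "j", (1, 0, 1): "c"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def letter_rank(suffix):
    # OpenSSL patch letters run a..z, then za, zb, ...; order by length first.
    return (len(suffix), suffix)


def assess(version_text):
    """Return the set of protocols exposed to CVE-2012-2333.

    Accepts a bare version ("1.0.1b") or `openssl version` output.
    An empty set means the release is at or past the fixed level.
    """
    m = VERSION_RE.search(version_text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {version_text!r}")
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)  # "" for a base release or a -beta/-pre build

    if branch > max(FIXED):
        return set()  # branches first released after the fix (1.0.2 and later)
    fixed_letter = FIXED.get(branch)
    if fixed_letter and letter_rank(suffix) >= letter_rank(fixed_letter):
        return set()
    # Assumption: a branch with no fixed release listed in the advisory
    # (e.g. 0.9.7) is reported as affected.
    exposed = {"DTLS"}       # advisory: DTLS affected in all versions
    if branch >= (1, 0, 1):  # advisory: TLS affected in 1.0.1 and later
        exposed.add("TLS")
    return exposed


if __name__ == "__main__":
    # Constructed sample inputs in the format printed by `openssl version`.
    for line in ("OpenSSL 0.9.8w 23 Apr 2012",
                 "OpenSSL 1.0.0j 10 May 2012",
                 "OpenSSL 1.0.1b 26 Apr 2012",
                 "OpenSSL 1.0.1e-fips 11 Feb 2013"):
        hit = assess(line)
        print(f"{line}: {'AFFECTED ' + '/'.join(sorted(hit)) if hit else 'fixed'}")
```

Distribution packages often backport fixes without changing the upstream version string, so confirm a flagged result against the vendor's package changelog.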
