PROBLEM:
OpenSSL Invalid TLS/DTLS Record Processing Lets Remote Users Deny Service
PLATFORM:
OpenSSL versions prior to 0.9.8x, 1.0.0j, and 1.0.1c
ABSTRACT:
A vulnerability was reported in OpenSSL. A remote user can cause denial of service conditions.
REFERENCE LINKS:
SecurityTracker Alert ID: 1027057
CVE-2012-2333
OpenSSL Advisory
IMPACT ASSESSMENT:
High
DISCUSSION:
A remote user can send specially crafted TLS/DTLS records to cause denial of service conditions. The CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS are affected, on both clients and servers.
DTLS is affected in all versions of OpenSSL. TLS is affected in OpenSSL version 1.0.1 and later.
IMPACT:
A remote user can cause denial of service conditions.
SOLUTION:
The vendor has issued a fix (0.9.8x, 1.0.0j, 1.0.1c).
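One way to check an inventory of `openssl version` strings against the fixed releases and protocol scope stated above. This is an added example, not code from the vendor or the advisory; the function names, the result fields and the sample strings are assumptions made for illustration, and branches the advisory does not name are reported as "not-listed" rather than given a verdict.

```python
import re

# Fixed release per branch, as listed in the advisory.
FIXED = {"0.9.8": "x", "1.0.0": "j", "1.0.1": "c"}
VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def letter_key(letter):
    # OpenSSL patch letters run "", a..z, then za, zb, ...; sorting by
    # (length, text) keeps "" < "a" and "x" < "za".
    return (len(letter), letter)


def assess(version_text):
    """Classify an `openssl version` string against the advisory."""
    m = VERSION_RE.search(version_text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % version_text)
    branch, letter = m.groups()
    result = {"version": branch + letter, "status": "not-listed",
              "protocols": [], "upgrade_to": None}
    if branch not in FIXED:
        return result  # branch not named in the advisory: no verdict
    if letter_key(letter) >= letter_key(FIXED[branch]):
        result["status"] = "fixed"
        return result
    result["status"] = "affected"
    # Advisory: DTLS affected in all versions, TLS only in 1.0.1 and later.
    result["protocols"] = ["DTLS", "TLS"] if branch == "1.0.1" else ["DTLS"]
    result["upgrade_to"] = branch + FIXED[branch]
    return result


if __name__ == "__main__":
    # Constructed sample inventory (not taken from the advisory).
    samples = ["OpenSSL 1.0.1b 26 Apr 2012", "OpenSSL 1.0.0",
               "OpenSSL 0.9.8za", "OpenSSL 1.0.1c"]
    for s in samples:
        r = assess(s)
        print("%-10s %-10s %-12s %s" % (r["version"], r["status"],
              ",".join(r["protocols"]) or "-", r["upgrade_to"] or "-"))
```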