Red Hat Customer Portal

CVE-2012-2686

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

Details Source

Mitre

Statement

Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for TLS 1.2 or 1.1.

Public Date

2013-02-05 00:00:00

Impact

Moderate

Bugzilla

CVE-2012-2686 openssl: DoS due to improper handling of CBC ciphersuites in TLS 1.1/1.2 on AES-NI supporting platforms

Bugzilla ID

908029

CVSS Status

draft

Base Score

5.00

Base Metrics

AV:N/AC:L/Au:N/C:N/I:N/A:P

External References

http://www.openssl.org/news/secadv_20130205.txt

Affected Packages State

Platform                    Package     State
Red Hat Enterprise Linux 6  openssl098e Not affected
Red Hat Enterprise Linux 6  openssl     Not affected
Red Hat Enterprise Linux 5  openssl097a Not affected
Red Hat Enterprise Linux 5  openssl     Not affected