Description

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

Remediation

References

CVE-2012-2686

Related Vulnerabilities

Oracle Application Server CVE-2006-0291 Vulnerability (CVE-2006-0291)

WordPress Plugin Zoho CRM Lead Magnet Unspecified Vulnerability (1.7.2.9)

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9578)

WordPress Plugin 1 Flash Gallery 'upload.php' Arbitrary File Upload (1.5.7)

PostgreSQL Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2022-2625)

Severity

Medium

Classification

CVE-2012-2686

Tags

Missing Update Known Vulnerabilities