Signature Detail
Short Name |
SSL:OPENSSL-AES-NI-INTUDF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
SSL |
Keywords |
OpenSSL AES-NI Integer Underflow |
Release Date |
2013/05/31 |
Update Number |
2269 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SSL: OpenSSL AES-NI Integer Underflow
This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.
Extended Description
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
Affected Products
- openssl 1.0.1
- openssl 1.0.1a
- openssl 1.0.1b
- openssl 1.0.1c
References
- CVE: CVE-2012-2686