exploitDog

CVE-2012-2110

Published: 19 Apr. 2012
Source: redhat
CVSS2: 7.5
EPSS: Low

Description

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 3 | openssl096b | Will not fix | | |
| Red Hat Enterprise Linux 4 | openssl096b | Will not fix | | |
| Red Hat Enterprise Linux Extended Update Support 5.3 | openssl | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | openssl | Affected | | |
| Red Hat Enterprise Linux 3 Extended Lifecycle Support | openssl | Fixed | RHSA-2012:0522 | 25.04.2012 |
| Red Hat Enterprise Linux 4 Extended Lifecycle Support | openssl | Fixed | RHSA-2012:0522 | 25.04.2012 |
| Red Hat Enterprise Linux 5 | openssl | Fixed | RHSA-2012:0518 | 24.04.2012 |
| Red Hat Enterprise Linux 5 | openssl097a | Fixed | RHSA-2012:0518 | 24.04.2012 |
| Red Hat Enterprise Linux 5.3 Long Life | openssl | Fixed | RHSA-2012:0522 | 25.04.2012 |
| Red Hat Enterprise Linux 5.6 EUS - Server Only | openssl | Fixed | RHSA-2012:0522 | 25.04.2012 |

Additional information

Status: Important
Defect: CWE-681->CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=814185 openssl: asn1_d2i_read_bio integer errors leading to buffer overflow

EPSS

Percentile: 90%
0.06197
Low

7.5 High

CVSS2

Related vulnerabilities

ubuntu
more than 13 years ago

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

nvd
more than 13 years ago

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

debian
more than 13 years ago

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL be ...

github
more than 3 years ago

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

oracle-oval
more than 13 years ago

ELSA-2012-0518: openssl security update (IMPORTANT)
