Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-2110

Опубликовано: 19 апр. 2012
Источник: redhat
CVSS2: 7.5

Описание

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 3openssl096bWill not fix
Red Hat Enterprise Linux 4openssl096bWill not fix
Red Hat Enterprise Linux Extended Update Support 5.3opensslAffected
Red Hat JBoss Enterprise Web Server 1opensslAffected
Red Hat Enterprise Linux 3 Extended Lifecycle SupportopensslFixedRHSA-2012:052225.04.2012
Red Hat Enterprise Linux 4 Extended Lifecycle SupportopensslFixedRHSA-2012:052225.04.2012
Red Hat Enterprise Linux 5opensslFixedRHSA-2012:051824.04.2012
Red Hat Enterprise Linux 5openssl097aFixedRHSA-2012:051824.04.2012
Red Hat Enterprise Linux 5.3 Long LifeopensslFixedRHSA-2012:052225.04.2012
Red Hat Enterprise Linux 5.6 EUS - Server OnlyopensslFixedRHSA-2012:052225.04.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-681->CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=814185openssl: asn1_d2i_read_bio integer errors leading to buffer overflow

7.5 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-2110

ubuntu
почти 14 лет назад

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

nvd логотип

CVE-2012-2110

nvd
почти 14 лет назад

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

debian логотип

CVE-2012-2110

debian
почти 14 лет назад

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL be ...

github логотип

GHSA-mm35-fwq5-v845

github
больше 3 лет назад

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

oracle-oval логотип

ELSA-2012-0518

oracle-oval
почти 14 лет назад

ELSA-2012-0518: openssl security update (IMPORTANT)

7.5 High

CVSS2

Уязвимость CVE-2012-2110