Описание
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.0.1-4ubuntu3 |
| hardy | released | 0.9.8g-4ubuntu3.17 |
| lucid | released | 0.9.8k-7ubuntu8.10 |
| natty | released | 0.9.8o-5ubuntu1.4 |
| oneiric | released | 1.0.0e-2ubuntu4.4 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 0.9.8o-7ubuntu3.1 |
| hardy | DNE | |
| lucid | DNE | |
| natty | DNE | |
| oneiric | released | 0.9.8o-7ubuntu1.2 |
| upstream | needs-triage |
Показывать по
7.5 High
CVSS2
Связанные уязвимости
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL be ...
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
7.5 High
CVSS2