Back to search
CVE-2012-2110
Published: Apr 19, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SUSE-SU-2012:0623
vendor-advisory
x_refsource_SUSE
SUSE-SU-2012:1149
vendor-advisory
x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
x_refsource_CONFIRM
SSRT101210
vendor-advisory
x_refsource_HP
FEDORA-2012-18035
vendor-advisory
x_refsource_FEDORA
48899
third-party-advisory
x_refsource_SECUNIA
20120419 incorrect integer conversions in OpenSSL can result in memory corruption.
mailing-list
x_refsource_FULLDISC
RHSA-2012:1308
vendor-advisory
x_refsource_REDHAT
http://cvs.openssl.org/chngview?cn=22434
x_refsource_CONFIRM
MDVSA-2012:060
vendor-advisory
x_refsource_MANDRIVA
RHSA-2012:1307
vendor-advisory
x_refsource_REDHAT
18756
exploit
x_refsource_EXPLOIT-DB
RHSA-2012:0518
vendor-advisory
x_refsource_REDHAT
DSA-2454
vendor-advisory
x_refsource_DEBIAN
http://support.apple.com/kb/HT5784
x_refsource_CONFIRM
APPLE-SA-2013-06-04-1
vendor-advisory
x_refsource_APPLE
USN-1424-1
vendor-advisory
x_refsource_UBUNTU
48895
third-party-advisory
x_refsource_SECUNIA
48847
third-party-advisory
x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=22439
x_refsource_CONFIRM
RHSA-2012:1306
vendor-advisory
x_refsource_REDHAT
SUSE-SU-2012:0637
vendor-advisory
x_refsource_SUSE
RHSA-2012:0522
vendor-advisory
x_refsource_REDHAT
FEDORA-2012-6343
vendor-advisory
x_refsource_FEDORA
HPSBOV02793
vendor-advisory
x_refsource_HP
57353
third-party-advisory
x_refsource_SECUNIA
53158
vdb-entry
x_refsource_BID
HPSBUX02782
vendor-advisory
x_refsource_HP
SSRT100891
vendor-advisory
x_refsource_HP
FEDORA-2012-6395
vendor-advisory
x_refsource_FEDORA
SSRT100852
vendor-advisory
x_refsource_HP
48942
third-party-advisory
x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20120419.txt
x_refsource_CONFIRM
http://cvs.openssl.org/chngview?cn=22431
x_refsource_CONFIRM
1026957
vdb-entry
x_refsource_SECTRACK
48999
third-party-advisory
x_refsource_SECUNIA
HPSBMU02776
vendor-advisory
x_refsource_HP
81223
vdb-entry
x_refsource_OSVDB
HPSBMU02900
vendor-advisory
x_refsource_HP
FEDORA-2012-6403
vendor-advisory
x_refsource_FEDORA
https://kb.juniper.net/KB27376
x_refsource_CONFIRM
SSRT100844
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now