ID CVE-2012-2131
Summary Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-01-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
apple APPLE-SA-2013-06-04-1
bid 53212
confirm
debian DSA-2454
hp
  • HPSBOV02793
  • HPSBUX02782
  • SSRT100844
  • SSRT100891
mandriva MDVSA-2012:064
mlist [oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
sectrack 1026957
secunia
  • 48895
  • 48956
  • 57353
suse
  • SUSE-SU-2012:0623
  • SUSE-SU-2012:0637
  • SUSE-SU-2012:1149
ubuntu USN-1428-1
xf openssl-asn1-code-execution(75099)
Last major update 05-01-2018 - 02:29
Published 24-04-2012 - 20:55
Last modified 05-01-2018 - 02:29