Main Vulnerability Database Exploits ID:3664 - Exploit for Buffer overflow in OpenSSL - CVE-2012-2110

ID:3664 - Exploit for Buffer overflow in OpenSSL - CVE-2012-2110

Published: July 29, 2020

Vulnerability identifier: #VU32816

Vulnerability risk: Medium

CVE-ID: CVE-2012-2110

CWE-ID: CWE-119

Exploitation vector: Remote access

Vulnerable software:
OpenSSL

Link to public exploit:

https://www.exploit-db.com/exploits/18756/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Remediation

Install update from vendor's website.

ID:3664 - Exploit for Buffer overflow in OpenSSL - CVE-2012-2110

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human