Main Vulnerability Database Vulnerabilities #VU32816

#VU32816 Buffer overflow in OpenSSL - CVE-2012-2110

Published: April 19, 2012 / Updated: July 29, 2020

Vulnerability identifier: #VU32816

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2012-2110

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
OpenSSL

Software vendor:
OpenSSL Software Foundation

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Remediation

Install update from vendor's website.

#VU32816 Buffer overflow in OpenSSL - CVE-2012-2110

Description

Remediation

External links

Please verify you're human