National Cyber Awareness System

Vulnerability Summary for CVE-2012-2110

Overview

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://kb.juniper.net/KB27376

Hyperlink:https://kb.juniper.net/KB27376

External Source: UBUNTU

Name: USN-1424-1

Hyperlink:http://www.ubuntu.com/usn/USN-1424-1

External Source: SECTRACK

Name: 1026957

Hyperlink:http://www.securitytracker.com/id?1026957

External Source: CONFIRM

Name: http://www.openssl.org/news/secadv_20120419.txt

Type: Advisory

Hyperlink:http://www.openssl.org/news/secadv_20120419.txt

External Source: DEBIAN

Name: DSA-2454

Hyperlink:http://www.debian.org/security/2012/dsa-2454

External Source: CONFIRM

Name: http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578

Hyperlink:http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578

External Source: SECUNIA

Name: 48999

Hyperlink:http://secunia.com/advisories/48999

External Source: SECUNIA

Name: 48942

Hyperlink:http://secunia.com/advisories/48942

External Source: SECUNIA

Name: 48899

Hyperlink:http://secunia.com/advisories/48899

External Source: SECUNIA

Name: 48895

Hyperlink:http://secunia.com/advisories/48895

External Source: REDHAT

Name: RHSA-2012:1308

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1308.html

External Source: REDHAT

Name: RHSA-2012:1307

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1307.html

External Source: REDHAT

Name: RHSA-2012:1306

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1306.html

External Source: REDHAT

Name: RHSA-2012:0522

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-0522.html

External Source: REDHAT

Name: RHSA-2012:0518

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-0518.html

External Source: HP

Name: HPSBOV02793

Hyperlink:http://marc.info/?l=bugtraq&m=134039053214295&w=2

External Source: HP

Name: SSRT100891

Hyperlink:http://marc.info/?l=bugtraq&m=134039053214295&w=2

External Source: SUSE

Name: SUSE-SU-2012:1149

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html

External Source: FEDORA

Name: FEDORA-2012-6395

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html

External Source: CONFIRM

Name: http://cvs.openssl.org/chngview?cn=22439

Hyperlink:http://cvs.openssl.org/chngview?cn=22439

External Source: CONFIRM

Name: http://cvs.openssl.org/chngview?cn=22434

Hyperlink:http://cvs.openssl.org/chngview?cn=22434

External Source: CONFIRM

Name: http://cvs.openssl.org/chngview?cn=22431

Hyperlink:http://cvs.openssl.org/chngview?cn=22431

External Source: FULLDISC

Name: 20120419 incorrect integer conversions in OpenSSL can result in memory corruption.

Hyperlink:http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html