Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2012-2110

Published: 19/04/2012 Updated: 05/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Openssl

Vulnerability Summary

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL prior to 0.9.8v, 1.0.0 prior to 1.0.0i, and 1.0.1 prior to 1.0.1a does not properly interpret integer data, which allows remote malicious users to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 1.0.0

openssl openssl 1.0.0a

openssl openssl 1.0.0g

openssl openssl 1.0.0e

openssl openssl 1.0.0d

openssl openssl 1.0.0c

openssl openssl 1.0.0b

openssl openssl

openssl openssl 0.9.8r

openssl openssl 0.9.8q

openssl openssl 0.9.8p

openssl openssl 0.9.8j

openssl openssl 0.9.8i

openssl openssl 0.9.8b

openssl openssl 0.9.8a

openssl openssl 0.9.7

openssl openssl 0.9.7d

openssl openssl 0.9.7e

openssl openssl 0.9.6a

openssl openssl 0.9.6i

openssl openssl 0.9.6h

openssl openssl 0.9.6m

openssl openssl 0.9.6l

openssl openssl 0.9.5

openssl openssl 0.9.8m

openssl openssl 0.9.8f

openssl openssl 0.9.8e

openssl openssl 0.9.7m

openssl openssl 0.9.7l

openssl openssl 0.9.7a

openssl openssl 0.9.7h

openssl openssl 0.9.7f

openssl openssl 0.9.6

openssl openssl 0.9.6e

openssl openssl 0.9.6d

openssl openssl 0.9.5a

openssl openssl 0.9.3

openssl openssl 0.9.2b

openssl openssl 0.9.1c

openssl openssl 0.9.8o

openssl openssl 0.9.8n

openssl openssl 0.9.8h

openssl openssl 0.9.8g

openssl openssl 0.9.8

redhat openssl 0.9.7a-2

openssl openssl 0.9.7b

openssl openssl 0.9.7c

openssl openssl 0.9.6c

openssl openssl 0.9.6b

redhat openssl 0.9.6b-3

redhat openssl 0.9.6-15

openssl openssl 0.9.4

openssl openssl 0.9.3a

openssl openssl 0.9.8t

openssl openssl 0.9.8s

openssl openssl 0.9.8l

openssl openssl 0.9.8k

openssl openssl 0.9.8d

openssl openssl 0.9.8c

openssl openssl 0.9.7k

openssl openssl 0.9.7j

openssl openssl 0.9.7i

openssl openssl 0.9.7g

openssl openssl 0.9.6g

openssl openssl 0.9.6f

openssl openssl 0.9.6k

openssl openssl 0.9.6j

openssl openssl 1.0.1

Vendor Advisories

Red Hat: Important: openssl security update
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Topic Updated openssl, openssl097a, and openssl098e packages that fix onesecurity issue are now available for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as havingimportant se ...
Red Hat: Important: openssl security update
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Topic Updated openssl packages that fix one security issue are now available forRed Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red HatEnterprise Linux 53 Long Life; and Red Hat Enterprise Linux 56, 60 an ...
Ubuntu Security Notice: openssl vulnerability
An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file ...
Ubuntu Security Notice: openssl vulnerabilities
An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file ...
Amazon Linux AMI: ALAS-2012-073
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to cr ...
Amazon Linux AMI: ALAS-2012-072
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to cr ...

Exploits

Exploit DB: OpenSSL - ASN1 BIO Memory Corruption
Incorrect integer conversions in OpenSSL can result in memory corruption -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing OpenSSL in production systems to untrusted data asn1_d2i_read_bio in OpenSSL contains multiple integer erro ...

References

CWE-119http://www.openssl.org/news/secadv_20120419.txthttp://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.htmlhttp://cvs.openssl.org/chngview?cn=22431http://cvs.openssl.org/chngview?cn=22434http://cvs.openssl.org/chngview?cn=22439http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578http://secunia.com/advisories/48999http://marc.info/?l=bugtraq&m=134039053214295&w=2http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.htmlhttp://www.debian.org/security/2012/dsa-2454http://rhn.redhat.com/errata/RHSA-2012-0518.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0522.htmlhttp://www.ubuntu.com/usn/USN-1424-1http://www.securitytracker.com/id?1026957http://secunia.com/advisories/48895http://rhn.redhat.com/errata/RHSA-2012-1306.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1307.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1308.htmlhttp://secunia.com/advisories/48942http://secunia.com/advisories/48899http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.htmlhttps://kb.juniper.net/KB27376http://support.apple.com/kb/HT5784http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlhttp://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564http://secunia.com/advisories/57353http://marc.info/?l=bugtraq&m=133951357207000&w=2http://marc.info/?l=bugtraq&m=133728068926468&w=2http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.htmlhttp://www.securityfocus.com/bid/53158http://www.exploit-db.com/exploits/18756http://secunia.com/advisories/48847http://osvdb.org/81223http://www.mandriva.com/security/advisories?name=MDVSA-2012:060http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.htmlhttps://access.redhat.com/errata/RHSA-2012:0518https://nvd.nist.govhttps://usn.ubuntu.com/1428-1/https://www.exploit-db.com/exploits/18756/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook