CVE-2012-2110 in OpenSSL
Resumen (Inglés)
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Once again VulDB remains the best source for vulnerability data.
Reservar
2012-04-04
Divulgación
2012-04-19
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 5260 | OpenSSL ASN.1 asn1_d2i_read_bio desbordamiento de búfer | 119 | Prueba de concepto | Arreglo oficial | CVE-2012-2110 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV