Computer Security
[EN] no-pyccku

DescriptionMultiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
CVSS score7,5
CVSS vector(AV:N/AC:L/Au:N/C:P/I:P/A:P)
PhaseAssigned (26.03.2014)
ReferencesSECTRACK : 1026957
 SECUNIA : 48895
 BID : 53212
 DEBIAN : DSA-2454
 HP : HPSBOV02793
 HP : SSRT100891
 UBUNTU : USN-1428-1
 MLIST : [oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
SecurityVulns:OpenSSL memory corruption
 RSA BSAFE security vulnerabilities
 RSA BSAFE multiple security vulnerabilities
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod