Computer Security
[EN] securityvulns.ru
no-pyccku



CVECVE-2012-2131
StatusCandidate
DescriptionMultiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
SeverityHigh
CVSS score7,5
CVSS vector(AV:N/AC:L/Au:N/C:P/I:P/A:P)
PhaseAssigned (26.03.2014)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2131
ReferencesBID : 53212
 CONFIRM : http://cvs.openssl.org/chngview?cn=22479
 CONFIRM : http://www.openssl.org/news/secadv_20120424.txt
 DEBIAN : DSA-2454
 HP : HPSBOV02793
 HP : SSRT100891
 MLIST : [oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
 SECTRACK : 1026957
 SECUNIA : 48895
 UBUNTU : USN-1428-1
SecurityVulns:OpenSSL memory corruption
 RSA BSAFE security vulnerabilities
 RSA BSAFE multiple security vulnerabilities

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru