OpenSSL memory corruption
updated since 22.04.2012
Published: 24.04.2012
Source:
SecurityVulns ID: 12332
Type: remote
Threat Level: 6/10
Description: Memory corruption in asn1_d2i_read_bio()/SMIME_read_PKCS7()/SMIME_read_CMS()
Affected: OPENSSL : OpenSSL 0.9
 OPENSSL : OpenSSL 1.0
CVE: CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.)
 CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.)
Original document: MANDRIVA, [ MDVSA-2012:064 ] openssl0.9.8 (24.04.2012)
 DEBIAN, [SECURITY] [DSA 2454-1] openssl security update (22.04.2012)
