Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.

References

cvs.openssl.org/chngview?cn=22479

kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html

lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html

marc.info/?l=bugtraq&m=133728068926468&w=2

marc.info/?l=bugtraq&m=134039053214295&w=2

secunia.com/advisories/48895

secunia.com/advisories/48956

secunia.com/advisories/57353

support.apple.com/kb/HT5784

www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

www.debian.org/security/2012/dsa-2454

www.mandriva.com/security/advisories?name=MDVSA-2012:064

www.openssl.org/news/secadv_20120424.txt

www.openwall.com/lists/oss-security/2012/04/24/1

www.securityfocus.com/bid/53212

www.securitytracker.com/id?1026957

www.ubuntu.com/usn/USN-1428-1

exchange.xforce.ibmcloud.com/vulnerabilities/75099

openvas 55

suse 5

securityvulns 14

nessus 50

prion 2

debian 2

openssl 2

nvd 2

ubuntucve 2

checkpoint_security 1

cve 2

debiancve 2

ubuntu 2

f5 4

osv 2

altlinux 5

centos 1

threatpost 3

cvelist 1

oraclelinux 3

amazon 2

freebsd 2

exploitpack 1

fedora 6

veracode 2

seebug 2

redhat 5

aix 1

vmware 2

exploitdb 1

ibm 13

freebsd_advisory 1

gentoo 1

openvas

OpenSSL: ASN1 BIO Incomplete Fix (20120424) - Linux

2021-08-16 00:00:00

Debian Security Advisory DSA 2454-2 (openssl)

2012-04-30 00:00:00

Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8)

2012-08-03 00:00:00

suse

Security update for compat-openssl097g (important)

2012-09-18 15:08:35

Security update for compat-openssl097g (important)

2012-09-12 07:08:33

Security update for openssl (important)

2012-05-16 21:08:16

securityvulns

[ MDVSA-2012:064 ] openssl0.9.8

2012-04-24 00:00:00

OpenSSL memory corruption

2012-04-24 00:00:00

RSA BSAFE security vulnerabilities

2012-10-29 00:00:00

nessus

Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1)

2012-04-25 00:00:00

SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 8262)

2012-09-12 00:00:00

OpenSSL 0.9.8v < 0.9.8w Vulnerability

2024-06-07 00:00:00

prion

Integer overflow

2012-04-24 20:55:00

Buffer overflow

2012-04-19 17:55:00

debian

[SECURITY] [DSA 2454-2] openssl incomplete fix

2012-04-25 02:03:10

[SECURITY] [DSA 2454-1] openssl security update

2012-04-19 21:21:20

openssl

Vulnerability in OpenSSL CVE-2012-2131

2012-04-24 00:00:00

Vulnerability in OpenSSL CVE-2012-2110

2012-04-19 00:00:00

nvd

CVE-2012-2131

2012-04-24 20:55:02

CVE-2012-2110

2012-04-19 17:55:01

ubuntucve

CVE-2012-2131

2012-04-24 00:00:00

CVE-2012-2110

2012-04-19 00:00:00

checkpoint_security

Check Point response to OpenSSL ASN1 BIO vulnerability (CVE-2012-2110, CVE-2012-2131)

2012-04-19 21:00:00

cve

CVE-2012-2131

2012-04-24 20:55:02

CVE-2012-2110

2012-04-19 17:55:01

debiancve

CVE-2012-2131

2012-04-24 20:55:02

CVE-2012-2110

2012-04-19 17:55:01

ubuntu

OpenSSL vulnerability

2012-04-24 00:00:00

OpenSSL vulnerabilities

2012-04-19 00:00:00

K17454 : OpenSSL vulnerabilities CVE-2005-2946, CVE-2008-0891, and CVE-2012-2131

2015-10-16 00:00:00

SOL17454 - OpenSSL vulnerabilities CVE-2005-2946, CVE-2008-0891, and CVE-2012-2131

2015-10-16 00:00:00

SOL16285 - OpenSSL vulnerability CVE-2012-2110

2015-04-09 00:00:00

osv

openssl - incomplete fix

2012-04-24 00:00:00

openssl - multiple

2012-04-24 00:00:00

altlinux

Security fix for the ALT Linux 8 package openssl10 version 1.0.0i-alt1

2012-04-19 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0i-alt1

2012-04-19 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 1.0.0i-alt1

2012-04-19 00:00:00

centos

openssl, openssl097a, openssl098e security update

2012-04-25 01:22:21

threatpost

E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm

2012-04-24 21:33:10

OpenSSL Releases New Fix for CVE-2012-2110 ASN1 Bug

2012-04-24 19:17:06

New Java Malware Exploits Both Windows And Mac Users

2012-04-24 17:37:49

cvelist

CVE-2012-2110

2012-04-19 17:00:00

oraclelinux

openssl security update

2012-05-08 00:00:00

openssl security update

2012-04-25 00:00:00

openssl097a and openssl098e security update

2014-06-05 00:00:00

amazon

Important: openssl

2012-05-02 12:28:00

Important: openssl098e

2012-05-02 12:31:00

freebsd

OpenSSL -- integer conversions result in memory corruption

2012-04-19 00:00:00

FreeBSD -- OpenSSL multiple vulnerabilities

2012-05-03 00:00:00

exploitpack

OpenSSL - ASN1 BIO Memory Corruption

2012-04-19 00:00:00

fedora

[SECURITY] Fedora 17 Update: openssl-1.0.0i-1.fc17

2012-04-26 20:07:43

[SECURITY] Fedora 16 Update: openssl-1.0.0i-1.fc16

2012-04-27 20:50:05

[SECURITY] Fedora 16 Update: openssl-1.0.0j-1.fc16

2012-06-03 00:00:32

veracode

Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow

2019-01-15 08:50:55

Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow

2017-02-09 00:33:40

seebug

OpenSSL "asn1_d2i_read_bio()" DER格式数据处理漏洞

2012-04-22 00:00:00

OpenSSL ASN1 BIO Memory Corruption Vulnerability

2014-07-01 00:00:00

redhat

(RHSA-2012:0518) Important: openssl security update

2012-04-24 00:00:00

(RHSA-2012:0522) Important: openssl security update

2012-04-25 00:00:00

(RHSA-2012:1308) Important: openssl security update

2012-09-24 15:54:31

aix

Multiple OpenSSL vulnerabilities

2012-08-01 09:25:58

vmware

VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.

2013-02-21 00:00:00

VMware vSphere and vCOps updates to third party libraries

2012-08-30 00:00:00

exploitdb

OpenSSL - ASN1 BIO Memory Corruption

2012-04-19 00:00:00

ibm

Security Bulletin: IBM Smart Analytics System 1050, 2050, and 5600 and IBM InfoSphere Balanced Warehouse C3000, C4000, and D5100 are affected by vulnerabilities in OpenSSL (CVE-2013-0166, CVE-2013-0169)

2022-09-25 23:13:40

Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL (CVE-2013-0166, CVE-2013-0169)

2022-09-25 23:13:40

Security Bulletin: IBM Smart Analytics System 5710 is affected by vulnerabilities in OpenSSL (CVE-2013-0166, CVE-2013-0169)

2022-09-25 23:13:40

freebsd_advisory

FreeBSD-SA-12:01.openssl

2012-05-30 00:00:00

gentoo

OpenSSL: Multiple Vulnerabilities

2013-12-03 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.8 High

AI Score

Confidence

High

0.1 Low

EPSS

Percentile

94.9%

JSON

Related for CVELIST:CVE-2012-2131