CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
94.9%
It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL
0.9.8. A remote attacker could trigger this flaw in services that used SSL
to cause a denial of service or possibly execute arbitrary code with
application privileges. Ubuntu 11.10 was not affected by this issue.
(CVE-2012-2131)
The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean()
to sometimes return the wrong error condition. This update fixes the
problem.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | libssl0.9.8 | < 0.9.8g-4ubuntu3.18 | UNKNOWN |
Ubuntu | 8.04 | noarch | libcrypto0.9.8-udeb | < 0.9.8g-4ubuntu3.18 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl-dev | < 0.9.8g-4ubuntu3.18 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl0.9.8-dbg | < 0.9.8g-4ubuntu3.18 | UNKNOWN |
Ubuntu | 8.04 | noarch | openssl | < 0.9.8g-4ubuntu3.18 | UNKNOWN |
Ubuntu | 11.10 | noarch | libssl1.0.0 | < 1.0.0e-2ubuntu4.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | libcrypto1.0.0-udeb | < 1.0.0e-2ubuntu4.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | libssl-dev | < 1.0.0e-2ubuntu4.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | libssl1.0.0-dbg | < 1.0.0e-2ubuntu4.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | libssl1.0.0-udeb | < 1.0.0e-2ubuntu4.5 | UNKNOWN |