The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before
0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly
interpret integer data, which allows remote attackers to conduct buffer
overflow attacks, and cause a denial of service (memory corruption) or
possibly have unspecified other impact, via crafted DER data, as
demonstrated by an X.509 certificate or an RSA public key.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/985870>

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchopenssl< 0.9.8g-4ubuntu3.17UNKNOWN
ubuntu10.04noarchopenssl< 0.9.8k-7ubuntu8.10UNKNOWN
ubuntu11.04noarchopenssl< 0.9.8o-5ubuntu1.4UNKNOWN
ubuntu11.10noarchopenssl< 1.0.0e-2ubuntu4.4UNKNOWN
ubuntu11.10noarchopenssl098< 0.9.8o-7ubuntu1.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	openssl	< 0.9.8g-4ubuntu3.17	UNKNOWN
ubuntu	10.04	noarch	openssl	< 0.9.8k-7ubuntu8.10	UNKNOWN
ubuntu	11.04	noarch	openssl	< 0.9.8o-5ubuntu1.4	UNKNOWN
ubuntu	11.10	noarch	openssl	< 1.0.0e-2ubuntu4.4	UNKNOWN
ubuntu	11.10	noarch	openssl098	< 0.9.8o-7ubuntu1.2	UNKNOWN

References

www.openssl.org/news/secadv_20120419.txt

launchpad.net/bugs/cve/CVE-2012-2110

nvd.nist.gov/vuln/detail/CVE-2012-2110

security-tracker.debian.org/tracker/CVE-2012-2110

ubuntu.com/security/notices/USN-1424-1

www.cve.org/CVERecord?id=CVE-2012-2110

altlinux 5

debiancve 2

openvas 55

nessus 49

nvd 2

oraclelinux 3

amazon 2

freebsd 2

centos 1

cvelist 2

openssl 2

threatpost 3

seebug 2

veracode 2

exploitpack 1

fedora 6

redhat 5

zdt 3

prion 2

f5 4

cve 2

securityvulns 14

suse 5

vmware 3

exploitdb 1

debian 2

checkpoint_security 1

ubuntucve 1

ubuntu 2

osv 2

freebsd_advisory 1

aix 1

gentoo 1

ibm 8

lenovo 2

altlinux

Security fix for the ALT Linux 8 package openssl10 version 1.0.0i-alt1

2012-04-19 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 1.0.0i-alt1

2012-04-19 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0i-alt1

2012-04-19 00:00:00

debiancve

CVE-2012-2110

2012-04-19 17:55:01

CVE-2012-2131

2012-04-24 20:55:02

openvas

RedHat Update for openssl RHSA-2012:0518-01

2012-04-26 00:00:00

Fedora Update for openssl FEDORA-2012-6343

2012-08-30 00:00:00

Fedora Update for openssl FEDORA-2012-6343

2012-08-30 00:00:00

nessus

Amazon Linux AMI : openssl (ALAS-2012-72)

2013-09-04 00:00:00

RHEL 4 : openssl096b (Unpatched Vulnerability)

2024-06-03 00:00:00

Mandriva Linux Security Advisory : openssl (MDVSA-2012:060)

2012-04-20 00:00:00

nvd

CVE-2012-2110

2012-04-19 17:55:01

CVE-2012-2131

2012-04-24 20:55:02

oraclelinux

openssl security update

2012-05-08 00:00:00

openssl security update

2012-04-25 00:00:00

openssl097a and openssl098e security update

2014-06-05 00:00:00

amazon

Important: openssl

2012-05-02 12:28:00

Important: openssl098e

2012-05-02 12:31:00

freebsd

OpenSSL -- integer conversions result in memory corruption

2012-04-19 00:00:00

FreeBSD -- OpenSSL multiple vulnerabilities

2012-05-03 00:00:00

centos

openssl, openssl097a, openssl098e security update

2012-04-25 01:22:21

cvelist

CVE-2012-2110

2012-04-19 17:00:00

CVE-2012-2131

2012-04-24 20:00:00

openssl

Vulnerability in OpenSSL - ASN1 BIO vulnerability

2012-04-19 00:00:00

Vulnerability in OpenSSL - ASN1 BIO incomplete fix

2012-04-24 00:00:00

threatpost

E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm

2012-04-24 21:33:10

OpenSSL Releases New Fix for CVE-2012-2110 ASN1 Bug

2012-04-24 19:17:06

New Java Malware Exploits Both Windows And Mac Users

2012-04-24 17:37:49

seebug

OpenSSL "asn1_d2i_read_bio()" DER格式数据处理漏洞

2012-04-22 00:00:00

OpenSSL ASN1 BIO Memory Corruption Vulnerability

2014-07-01 00:00:00

veracode

Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow

2017-02-09 00:33:40

Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow

2019-01-15 08:50:55

exploitpack

OpenSSL - ASN1 BIO Memory Corruption

2012-04-19 00:00:00

fedora

[SECURITY] Fedora 17 Update: openssl-1.0.0i-1.fc17

2012-04-26 20:07:43

[SECURITY] Fedora 16 Update: openssl-1.0.0i-1.fc16

2012-04-27 20:50:05

[SECURITY] Fedora 15 Update: openssl-1.0.0i-1.fc15

2012-05-10 14:16:11

redhat

(RHSA-2012:0518) Important: openssl security update

2012-04-24 00:00:00

(RHSA-2012:0522) Important: openssl security update

2012-04-25 00:00:00

(RHSA-2012:1308) Important: openssl security update

2012-09-24 15:54:31

zdt

OpenSSL 1.0.1 Memory Corruption

2012-04-21 00:00:00

OpenSSL ASN1 BIO Memory Corruption Vulnerability

2012-04-19 00:00:00

OpenSSL 1.0.1 ASN1 BIO Vulnerability

2012-04-21 00:00:00

prion

Buffer overflow

2012-04-19 17:55:00

Integer overflow

2012-04-24 20:55:00

K16285 : OpenSSL vulnerability CVE-2012-2110

2015-07-24 00:00:00

SOL16285 - OpenSSL vulnerability CVE-2012-2110

2015-04-09 00:00:00

K17454 : OpenSSL vulnerabilities CVE-2005-2946, CVE-2008-0891, and CVE-2012-2131

2015-10-16 00:00:00

cve

CVE-2012-2110

2012-04-19 17:55:01

CVE-2012-2131

2012-04-24 20:55:02

securityvulns

[ MDVSA-2012:064 ] openssl0.9.8

2012-04-24 00:00:00

OpenSSL memory corruption

2012-04-24 00:00:00

RSA BSAFE security vulnerabilities

2012-10-29 00:00:00

suse

Security update for compat-openssl097g (important)

2012-09-18 15:08:35

Security update for openssl (important)

2012-05-23 01:08:20

Security update for openssl (important)

2012-05-16 21:08:16

vmware

VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.

2013-02-21 00:00:00

VMware vSphere and vCOps updates to third party libraries

2012-08-30 00:00:00

VMware vSphere and vCOps updates to third party libraries

2012-08-30 00:00:00

exploitdb

OpenSSL - ASN1 BIO Memory Corruption

2012-04-19 00:00:00

debian

[SECURITY] [DSA 2454-2] openssl incomplete fix

2012-04-25 02:03:10

[SECURITY] [DSA 2454-1] openssl security update

2012-04-19 21:21:20

checkpoint_security

Check Point response to OpenSSL ASN1 BIO vulnerability (CVE-2012-2110, CVE-2012-2131)

2012-04-19 21:00:00

ubuntucve

CVE-2012-2131

2012-04-24 00:00:00

ubuntu

OpenSSL vulnerability

2012-04-24 00:00:00

OpenSSL vulnerabilities

2012-04-19 00:00:00

osv

openssl - multiple

2012-04-24 00:00:00

openssl - incomplete fix

2012-04-24 00:00:00

freebsd_advisory

FreeBSD-SA-12:01.openssl

2012-05-30 00:00:00

aix

Multiple OpenSSL vulnerabilities

2012-08-01 09:25:58

gentoo

OpenSSL: Multiple Vulnerabilities

2013-12-03 00:00:00

ibm

Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000 and D5100 and IBM Smart Analytics System 1050, 2050, 5600 and 5710 are affected by vulnerabilities in OpenSSL

2022-09-25 23:13:40

Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL

2022-09-25 20:45:36

Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities.

2018-06-18 00:07:41

lenovo

Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US

2018-11-13 17:10:51

Intel® PROSet/Wireless WiFi Software Vulnerabilities - US

2018-11-13 17:10:51

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.1

Percentile

94.9%

JSON

Related for UB:CVE-2012-2110