CVSS2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS percentile: 94.9%

Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL
0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause
a denial of service (memory corruption) or possibly have unspecified other
impact, via crafted DER data, as demonstrated by an X.509 certificate or an
RSA public key. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2012-2110.
Author | Note |
---|---|
mdeslaur | 1.0.x not affected by CVE-2012-2131; all releases also have second patch to fix incorrect error code introduced in the fix for CVE-2012-2110 |