CVE-2012-2110
Priority
Medium
Description
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before
0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly
interpret integer data, which allows remote attackers to conduct buffer
overflow attacks, and cause a denial of service (memory corruption) or
possibly have unspecified other impact, via crafted DER data, as
demonstrated by an X.509 certificate or an RSA public key.
0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly
interpret integer data, which allows remote attackers to conduct buffer
overflow attacks, and cause a denial of service (memory corruption) or
possibly have unspecified other impact, via crafted DER data, as
demonstrated by an X.509 certificate or an RSA public key.
References
Assigned-to
jdstrand
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | released (0.9.8o-7ubuntu1.2) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (0.9.8o-7ubuntu3.1) |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | released (0.9.8g-4ubuntu3.17) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (0.9.8k-7ubuntu8.10) |
| Ubuntu 11.04 (Natty Narwhal): | released (0.9.8o-5ubuntu1.4) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (1.0.0e-2ubuntu4.4) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (1.0.1-4ubuntu3) |
Patches:
| Upstream: | http://cvs.openssl.org/chngview?cn=22439 |