CVE-2012-2131

Priority
Description
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL
0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause
a denial of service (memory corruption) or possibly have unspecified other
impact, via crafted DER data, as demonstrated by an X.509 certificate or an
RSA public key. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2012-2110.
Assigned-to
jdstrand
Notes
mdeslaur1.0.x not affected by CVE-2012-2131
all releases also have second patch to fix incorrect error code
introduced in the fix for CVE-2012-2110
Package
Upstream:released (0.9.8w)
More Information

Updated: 2019-12-05 20:59:10 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)