FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-2110

This CVE name corresponds to:

Entered Topic
2012-06-27 FreeBSD -- OpenSSL multiple vulnerabilities
2012-04-21 OpenSSL -- integer conversions result in memory corruption

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-2110
Phase Assigned (20120404)

Description

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

References

Source Reference
FULLDISC 20120419 incorrect integer conversions in OpenSSL can result in memory corruption.
CONFIRM http://cvs.openssl.org/chngview?cn=22431
CONFIRM http://cvs.openssl.org/chngview?cn=22434
CONFIRM http://cvs.openssl.org/chngview?cn=22439
CONFIRM http://www.openssl.org/news/secadv_20120419.txt
CONFIRM http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
CONFIRM https://kb.juniper.net/KB27376
CONFIRM http://support.apple.com/kb/HT5784
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
APPLE APPLE-SA-2013-06-04-1
DEBIAN DSA-2454
FEDORA FEDORA-2012-6395
FEDORA FEDORA-2012-18035
HP HPSBOV02793
HP SSRT100891
HP HPSBMU02900
HP SSRT101210
REDHAT RHSA-2012:0518
REDHAT RHSA-2012:0522
REDHAT RHSA-2012:1306
REDHAT RHSA-2012:1307
REDHAT RHSA-2012:1308
SUSE SUSE-SU-2012:1149
UBUNTU USN-1424-1
SECTRACK 1026957
SECUNIA 48999
SECUNIA 48895
SECUNIA 48899
SECUNIA 48942
SECUNIA 57353