FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-2110

This CVE name corresponds to:

Entered	Topic
2012-06-27	FreeBSD -- OpenSSL multiple vulnerabilities
2012-04-21	OpenSSL -- integer conversions result in memory corruption

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2012-2110 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2012-2110
Phase	Assigned(20120404)

Description

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

References

Source	Reference
FULLDISC	20120419 incorrect integer conversions in OpenSSL can result in memory corruption.
CONFIRM	http://cvs.openssl.org/chngview?cn=22431
CONFIRM	http://cvs.openssl.org/chngview?cn=22434
CONFIRM	http://cvs.openssl.org/chngview?cn=22439
CONFIRM	http://www.openssl.org/news/secadv_20120419.txt
CONFIRM	http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
CONFIRM	https://kb.juniper.net/KB27376
CONFIRM	http://support.apple.com/kb/HT5784
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
APPLE	APPLE-SA-2013-06-04-1
DEBIAN	DSA-2454
FEDORA	FEDORA-2012-6395
FEDORA	FEDORA-2012-18035
HP	HPSBOV02793
HP	SSRT100891
HP	HPSBMU02900
HP	SSRT101210
REDHAT	RHSA-2012:0518
REDHAT	RHSA-2012:0522
REDHAT	RHSA-2012:1306
REDHAT	RHSA-2012:1307
REDHAT	RHSA-2012:1308
SUSE	SUSE-SU-2012:1149
UBUNTU	USN-1424-1
SECTRACK	1026957
SECUNIA	48999
SECUNIA	48895
SECUNIA	48899
SECUNIA	48942
SECUNIA	57353