Description

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Remediation

References

CVE-2012-2110

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)

Oracle Database Server CVE-2009-1964 Vulnerability (CVE-2009-1964)

Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21656)

CakePHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2006-4067)

WordPress Plugin Google Analytics Counter Tracker PHP Object Injection (3.4.0)

Severity

High

Classification

CVE-2012-2110 CWE-119

Tags

Missing Update Known Vulnerabilities