Lucene search

K
cve[email protected]CVE-2012-2131
HistoryApr 24, 2012 - 8:55 p.m.

CVE-2012-2131

2012-04-2420:55:02
CWE-189
web.nvd.nist.gov
88
cve-2012-2131
openssl
buffer overflow
remote attackers
memory corruption
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.8

Confidence

High

EPSS

0.1

Percentile

94.9%

Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.

Affected configurations

NVD
Node
opensslopensslMatch0.9.8v
VendorProductVersionCPE
opensslopenssl0.9.8vcpe:/a:openssl:openssl:0.9.8v:::

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.8

Confidence

High

EPSS

0.1

Percentile

94.9%