Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.

OSVersionArchitecturePackageVersionFilename
Debian12allopenssl< 3.0.13-1~deb12u1openssl_3.0.13-1~deb12u1_all.deb
Debian11allopenssl< 1.1.1w-0+deb11u1openssl_1.1.1w-0+deb11u1_all.deb
Debian999allopenssl< 3.2.2-1openssl_3.2.2-1_all.deb
Debian13allopenssl< 3.2.2-1openssl_3.2.2-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openssl	< 3.0.13-1~deb12u1	openssl_3.0.13-1~deb12u1_all.deb
Debian	11	all	openssl	< 1.1.1w-0+deb11u1	openssl_1.1.1w-0+deb11u1_all.deb
Debian	999	all	openssl	< 3.2.2-1	openssl_3.2.2-1_all.deb
Debian	13	all	openssl	< 3.2.2-1	openssl_3.2.2-1_all.deb

securityvulns 14

suse 5

openvas 55

nessus 50

checkpoint_security 1

cve 2

ubuntucve 2

cvelist 2

ubuntu 2

nvd 2

prion 2

debian 2

openssl 2

f5 4

osv 2

debiancve 1

altlinux 5

freebsd 2

oraclelinux 3

threatpost 3

centos 1

amazon 2

redhat 5

seebug 2

fedora 6

veracode 2

exploitpack 1

aix 1

vmware 2

exploitdb 1

ibm 13

freebsd_advisory 1

gentoo 1

securityvulns

[ MDVSA-2012:064 ] openssl0.9.8

2012-04-24 00:00:00

OpenSSL memory corruption

2012-04-24 00:00:00

ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities

2014-04-07 00:00:00

suse

Security update for compat-openssl097g (important)

2012-09-18 15:08:35

Security update for openssl (important)

2012-05-23 01:08:20

Security update for compat-openssl097g (important)

2012-09-12 07:08:33

openvas

OpenSSL: ASN1 BIO Incomplete Fix (20120424) - Linux

2021-08-16 00:00:00

Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8)

2012-08-03 00:00:00

SUSE: Security Advisory (SUSE-SU-2012:0623-1)

2021-06-09 00:00:00

nessus

SuSE 11.2 Security Update : compat-openssl097g (SAT Patch Number 6749)

2013-01-25 00:00:00

SuSE 11.1 Security Update : openssl (SAT Patch Number 6245)

2013-01-25 00:00:00

Mandriva Linux Security Advisory : openssl0.9.8 (MDVSA-2012:064)

2012-04-25 00:00:00

checkpoint_security

Check Point response to OpenSSL ASN1 BIO vulnerability (CVE-2012-2110, CVE-2012-2131)

2012-04-19 21:00:00

cve

CVE-2012-2131

2012-04-24 20:55:02

CVE-2012-2110

2012-04-19 17:55:01

ubuntucve

CVE-2012-2131

2012-04-24 00:00:00

CVE-2012-2110

2012-04-19 00:00:00

cvelist

CVE-2012-2131

2012-04-24 20:00:00

CVE-2012-2110

2012-04-19 17:00:00

ubuntu

OpenSSL vulnerability

2012-04-24 00:00:00

OpenSSL vulnerabilities

2012-04-19 00:00:00

nvd

CVE-2012-2131

2012-04-24 20:55:02

CVE-2012-2110

2012-04-19 17:55:01

prion

Integer overflow

2012-04-24 20:55:00

Buffer overflow

2012-04-19 17:55:00

debian

[SECURITY] [DSA 2454-2] openssl incomplete fix

2012-04-25 02:03:10

[SECURITY] [DSA 2454-1] openssl security update

2012-04-19 21:21:20

openssl

Vulnerability in OpenSSL CVE-2012-2131

2012-04-24 00:00:00

Vulnerability in OpenSSL CVE-2012-2110

2012-04-19 00:00:00

SOL17454 - OpenSSL vulnerabilities CVE-2005-2946, CVE-2008-0891, and CVE-2012-2131

2015-10-16 00:00:00

K17454 : OpenSSL vulnerabilities CVE-2005-2946, CVE-2008-0891, and CVE-2012-2131

2015-10-16 00:00:00

K16285 : OpenSSL vulnerability CVE-2012-2110

2015-07-24 00:00:00

osv

openssl - multiple

2012-04-24 00:00:00

openssl - incomplete fix

2012-04-24 00:00:00

debiancve

CVE-2012-2110

2012-04-19 17:55:01

altlinux

Security fix for the ALT Linux 8 package openssl10 version 1.0.0i-alt1

2012-04-19 00:00:00

Security fix for the ALT Linux 7 package openssl10 version 1.0.0i-alt1

2012-04-19 00:00:00

Security fix for the ALT Linux 6 package openssl10 version 1.0.0i-alt1

2012-04-19 00:00:00

freebsd

OpenSSL -- integer conversions result in memory corruption

2012-04-19 00:00:00

FreeBSD -- OpenSSL multiple vulnerabilities

2012-05-03 00:00:00

oraclelinux

openssl security update

2012-04-25 00:00:00

openssl security update

2012-05-08 00:00:00

openssl097a and openssl098e security update

2014-06-05 00:00:00

threatpost

E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm

2012-04-24 21:33:10

OpenSSL Releases New Fix for CVE-2012-2110 ASN1 Bug

2012-04-24 19:17:06

New Java Malware Exploits Both Windows And Mac Users

2012-04-24 17:37:49

centos

openssl, openssl097a, openssl098e security update

2012-04-25 01:22:21

amazon

Important: openssl

2012-05-02 12:28:00

Important: openssl098e

2012-05-02 12:31:00

redhat

(RHSA-2012:0522) Important: openssl security update

2012-04-25 00:00:00

(RHSA-2012:0518) Important: openssl security update

2012-04-24 00:00:00

(RHSA-2012:1307) Important: openssl security update

2012-09-24 15:53:22

seebug

OpenSSL ASN1 BIO Memory Corruption Vulnerability

2014-07-01 00:00:00

OpenSSL "asn1_d2i_read_bio()" DER格式数据处理漏洞

2012-04-22 00:00:00

fedora

[SECURITY] Fedora 17 Update: openssl-1.0.0i-1.fc17

2012-04-26 20:07:43

[SECURITY] Fedora 16 Update: openssl-1.0.0i-1.fc16

2012-04-27 20:50:05

[SECURITY] Fedora 16 Update: openssl-1.0.0j-1.fc16

2012-06-03 00:00:32

veracode

Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow

2017-02-09 00:33:40

Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow

2019-01-15 08:50:55

exploitpack

OpenSSL - ASN1 BIO Memory Corruption

2012-04-19 00:00:00

aix

Multiple OpenSSL vulnerabilities

2012-08-01 09:25:58

vmware

VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.

2013-02-21 00:00:00

VMware vSphere and vCOps updates to third party libraries

2012-08-30 00:00:00

exploitdb

OpenSSL - ASN1 BIO Memory Corruption

2012-04-19 00:00:00

ibm

Security Bulletin: IBM Smart Analytics System 1050, 2050, and 5600 and IBM InfoSphere Balanced Warehouse C3000, C4000, and D5100 are affected by vulnerabilities in OpenSSL (CVE-2013-0166, CVE-2013-0169)

2022-09-25 23:13:40

Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL (CVE-2013-0166, CVE-2013-0169)

2022-09-25 23:13:40

Security Bulletin: IBM Smart Analytics System 5710 is affected by vulnerabilities in OpenSSL (CVE-2013-0166, CVE-2013-0169)

2022-09-25 23:13:40

freebsd_advisory

FreeBSD-SA-12:01.openssl

2012-05-30 00:00:00

gentoo

OpenSSL: Multiple Vulnerabilities

2013-12-03 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.1

Percentile

94.9%

JSON

Related for DEBIANCVE:CVE-2012-2131