Lucene search

K
freebsdFreeBSD7184F92E-8BB8-11E1-8D7B-003067B2972C
HistoryApr 19, 2012 - 12:00 a.m.

OpenSSL -- integer conversions result in memory corruption

2012-04-1900:00:00
vuxml.freebsd.org
20

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.11 Low

EPSS

Percentile

95.0%

OpenSSL security team reports:

A potentially exploitable vulnerability has been discovered in the OpenSSL
function asn1_d2i_read_bio.
Any application which uses BIO or FILE based functions to read untrusted DER
format data is vulnerable. Affected functions are of the form d2i_bio or
d2i
_fp, for example d2i_X509_bio or d2i_PKCS12_fp.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchopenssl< 1.0.1_1UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.11 Low

EPSS

Percentile

95.0%