CVE-2012-2110

HIGH

Description

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

References

http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html

http://cvs.openssl.org/chngview?cn=22431

http://cvs.openssl.org/chngview?cn=22434

http://cvs.openssl.org/chngview?cn=22439

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html

http://marc.info/?l=bugtraq&m=133728068926468&w=2

http://marc.info/?l=bugtraq&m=133951357207000&w=2

http://marc.info/?l=bugtraq&m=134039053214295&w=2

http://osvdb.org/81223

http://rhn.redhat.com/errata/RHSA-2012-0518.html

http://rhn.redhat.com/errata/RHSA-2012-0522.html

http://rhn.redhat.com/errata/RHSA-2012-1306.html

http://rhn.redhat.com/errata/RHSA-2012-1307.html

http://rhn.redhat.com/errata/RHSA-2012-1308.html

http://secunia.com/advisories/48847

http://secunia.com/advisories/48895

http://secunia.com/advisories/48899

http://secunia.com/advisories/48942

http://secunia.com/advisories/48999

http://secunia.com/advisories/57353

http://support.apple.com/kb/HT5784

http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578

http://www.debian.org/security/2012/dsa-2454

http://www.exploit-db.com/exploits/18756

http://www.mandriva.com/security/advisories?name=MDVSA-2012:060

http://www.openssl.org/news/secadv_20120419.txt

http://www.securityfocus.com/bid/53158

http://www.securitytracker.com/id?1026957

http://www.ubuntu.com/usn/USN-1424-1

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862

https://kb.juniper.net/KB27376

Details

Source: MITRE

Published: 2012-04-19

Updated: 2018-01-05

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 0.9.8u (inclusive)

cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*

Tenable Plugins

View all (47 total)

IDNameProductFamilySeverity
127201NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)NessusNewStart CGSL Local Security Checks
critical
127177NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020)NessusNewStart CGSL Local Security Checks
critical
125001EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1548)NessusHuawei Local Security Checks
high
89663VMware ESX / ESXi NFC and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0003) (remote check)NessusMisc.
critical
89038VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)NessusMisc.
high
82671F5 Networks BIG-IP : OpenSSL vulnerability (SOL16285)NessusF5 Networks Local Security Checks
high
80717Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl1)NessusSolaris Local Security Checks
high
80197Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659)NessusJunos Local Security Checks
high
79532OracleVM 3.2 : onpenssl (OVMSA-2014-0008)NessusOracleVM Local Security Checks
critical
79531OracleVM 2.2 : openssl (OVMSA-2014-0007)NessusOracleVM Local Security Checks
critical
74901openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1)NessusSuSE Local Security Checks
high
74641openSUSE Security Update : openssl (openSUSE-2012-308)NessusSuSE Local Security Checks
high
73562AIX OpenSSL Advisory : openssl_advisory4.ascNessusAIX Local Security Checks
high
71169GLSA-201312-03 : OpenSSL: Multiple VulnerabilitiesNessusGentoo Local Security Checks
high
69680Amazon Linux AMI : openssl098e (ALAS-2012-73)NessusAmazon Linux Local Security Checks
high
69679Amazon Linux AMI : openssl (ALAS-2012-72)NessusAmazon Linux Local Security Checks
high
69020HP System Management Homepage < 7.2.1.0 Multiple Vulnerabilities (BEAST)NessusWeb Servers
high
68672Oracle Linux 4 : openssl (ELSA-2012-2011)NessusOracle Linux Local Security Checks
high
68519Oracle Linux 5 / 6 : openssl (ELSA-2012-0518)NessusOracle Linux Local Security Checks
high
801016Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)Log Correlation EngineOperating System Detection
high
6857Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)Nessus Network MonitorWeb Clients
critical
66809Mac OS X Multiple Vulnerabilities (Security Update 2013-002)NessusMacOS X Local Security Checks
critical
66808Mac OS X 10.8.x < 10.8.4 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
64812VMSA-2013-0003 : VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third-party library security issues.NessusVMware ESX Local Security Checks
high
64184SuSE 11.1 Security Update : openssl (SAT Patch Number 6245)NessusSuSE Local Security Checks
high
64120SuSE 11.2 Security Update : compat-openssl097g (SAT Patch Number 6749)NessusSuSE Local Security Checks
high
64033RHEL 4 / 5 / 6 : openssl (RHSA-2012:0522)NessusRed Hat Local Security Checks
high
63031Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035)NessusFedora Local Security Checks
high
62060SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 8262)NessusSuSE Local Security Checks
high
61747VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party librariesNessusVMware ESX Local Security Checks
high
61305Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120424)NessusScientific Linux Local Security Checks
high
59989Juniper Junos OpenSSL ASN.1 Memory Corruption (PSN-2012-07-645)NessusJunos Local Security Checks
high
59747FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)NessusFreeBSD Local Security Checks
high
59237SuSE 10 Security Update : openssl (ZYPP Patch Number 8112)NessusSuSE Local Security Checks
high
59071Fedora 15 : openssl-1.0.0i-1.fc15 (2012-6395)NessusFedora Local Security Checks
high
58916Fedora 16 : openssl-1.0.0i-1.fc16 (2012-6403)NessusFedora Local Security Checks
high
58888Fedora 17 : openssl-1.0.0i-1.fc17 (2012-6343)NessusFedora Local Security Checks
high
58873Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1)NessusUbuntu Local Security Checks
high
58869RHEL 5 / 6 : openssl (RHSA-2012:0518)NessusRed Hat Local Security Checks
high
58852CentOS 5 / 6 : openssl (CESA-2012:0518)NessusCentOS Local Security Checks
high
58799OpenSSL < 0.9.8w ASN.1 asn1_d2i_read_bio Memory CorruptionNessusWeb Servers
high
58829FreeBSD : OpenSSL -- integer conversions result in memory corruption (7184f92e-8bb8-11e1-8d7b-003067b2972c)NessusFreeBSD Local Security Checks
high
58808Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)NessusUbuntu Local Security Checks
high
58806Mandriva Linux Security Advisory : openssl (MDVSA-2012:060)NessusMandriva Local Security Checks
high
58804Debian DSA-2454-2 : openssl - multiple vulnerabilitiesNessusDebian Local Security Checks
high
58801OpenSSL 1.0.1 < 1.0.1a ASN.1 asn1_d2i_read_bio Memory CorruptionNessusWeb Servers
high
58800OpenSSL 1.0.0 < 1.0.0i ASN.1 asn1_d2i_read_bio Memory CorruptionNessusWeb Servers
high