Red Hat Customer Portal

CVE-2012-2110

Impact: Important
Public Date: 2012-04-19
IAVA: 2012-A-0153
CWE: CWE-681->CWE-119
Bugzilla: 814185: CVE-2012-2110 openssl: asn1_d2i_read_bio integer errors leading to buffer overflow

The MITRE CVE dictionary describes this issue as:

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Find out more about CVE-2012-2110 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score: 7.5
Base Metrics: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux Extended Lifecycle Support 4 (openssl) | RHSA-2012:0522 | 2012-04-25
Red Hat Enterprise Linux Extended Lifecycle Support 3 (openssl) | RHSA-2012:0522 | 2012-04-25
Red Hat JBoss Web Server 1.0 | RHSA-2012:1306 | 2012-09-24
Red Hat JBoss Enterprise Application Platform 5.1 | RHSA-2012:1307 | 2012-09-24
Red Hat Enterprise Linux 5 | RHSA-2012:0518 | 2012-04-24
Red Hat Enterprise Linux Long Life (v. 5.3 server) (openssl) | RHSA-2012:0522 | 2012-04-25
Red Hat JBoss Enterprise Application Platform 6.0 | RHSA-2012:1308 | 2012-09-24
Red Hat Enterprise Linux Server EUS (v. 6.1) (openssl) | RHSA-2012:0522 | 2012-04-25
Red Hat Enterprise Linux EUS (v. 5.6 server) (openssl) | RHSA-2012:0522 | 2012-04-25
Red Hat Enterprise Linux 6 | RHSA-2012:0518 | 2012-04-24
Red Hat Enterprise Linux Server EUS (v. 6.0) (openssl) | RHSA-2012:0522 | 2012-04-25

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 4 | openssl096b | Will not fix
Red Hat Enterprise Linux 3 | openssl096b | Will not fix
