Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2131 — Out-of-bounds Write in Openssl

8 documents7 sources

Severity

7.5HIGHNVD

EPSS

7.9%

top 7.98%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openssl Debian Openssl

Timeline

PublishedApr 24

Latest updateMay 14

Description

Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/openssl

▶NVDopenssl/openssl0.9.8v

🔴Vulnerability Details

GHSA

GHSA-wvj2-94fg-jpr9: Multiple integer signedness errors in crypto/buffer/buffer↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

OpenSSL - ASN1 BIO Memory Corruption↗2012-04-19

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerability↗2012-04-24

▶

Red Hat

openssl: incomplete fix of CVE-2012-2110 for 0.9.x↗2012-04-23

▶

Debian

CVE-2012-2131: openssl - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v a...↗2012

▶

💬Community

Bugzilla

CVE-2012-2131 openssl: incomplete fix of CVE-2012-2110 for 0.9.x↗2012-04-24

▶

Bugzilla

CVE-2012-2110 openssl: asn1_d2i_read_bio integer errors leading to buffer overflow↗2012-04-19

▶