CVE-2012-2131
Published 2012-04-24
Priority: P352 (high)
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 17.00% (96.7th percentile)
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | — | — |
| openssl | openssl | — | — |
CVSS provenance
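| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_debian | | 7.5 | LOW | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |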
Ubuntu
OpenSSL vulnerability
vendor_ubuntu·2012-04-24·CVSS 7.5
CVE-2012-2131 [HIGH] OpenSSL vulnerability
Title: OpenSSL vulnerability
Summary: An application using OpenSSL could be made to crash or run programs if it
opened a specially crafted file.
It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL
0.9.8. A remote attacker could trigger this flaw in services that used SSL
to cause a denial of service or possibly execute arbitrary code with
application privileges. Ubuntu 11.10 was not affected by this issue.
(CVE-2012-2131)
The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean()
to sometimes return the wrong error condition. This update fixes the
problem.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
openssl: incomplete fix of CVE-2012-2110 for 0.9.x
vendor_redhat·2012-04-23·CVSS 7.5
CVE-2012-2131 [HIGH] openssl: incomplete fix of CVE-2012-2110 for 0.9.x
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
Statement: Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5 and 6, as there were no updates released with an incomplete CVE-2012-2110 fix.
Package: openssl (Red Hat Enterprise Linux 4) - Not affected
Package: openssl096b (Red Hat Enterprise Linux 4) - Not affected
Package: openssl (
Debian
CVE-2012-2131: openssl - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v a...
vendor_debian·2012·CVSS 7.5
CVE-2012-2131 [HIGH] CVE-2012-2131: openssl - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v a...
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-wvj2-94fg-jpr9: Multiple integer signedness errors in crypto/buffer/buffer
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2012-2131 [HIGH] GHSA-wvj2-94fg-jpr9: Multiple integer signedness errors in crypto/buffer/buffer
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
No detection rules found.
Bugzilla
CVE-2012-2131 openssl: incomplete fix of CVE-2012-2110 for 0.9.x
bugzilla·2012-04-24·CVSS 7.5
CVE-2012-2131 [HIGH] CVE-2012-2131 openssl: incomplete fix of CVE-2012-2110 for 0.9.x
It was discovered that the upstream fix for OpenSSL issue CVE-2012-2110 (see bug #814185) did not completely address the issue for OpenSSL versions 0.9.x. This incomplete fix problem did not affect versions 1.0.0 and 1.0.1, and was corrected in the 0.9.8 branch in version 0.9.8w.
Upstream commit and announcement of the 0.9.8w release:
http://cvs.openssl.org/chngview?cn=22479
http://marc.info/?l=openssl-dev&m=133525318514423&w=2
Discussion:
As there were no Red Hat Enterprise Linux or Fedora updates released with an incomplete fix, they are not affected by this CVE.
Statement:
Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5 and 6, as there were no updates release
Bugzilla
CVE-2012-2110 openssl: asn1_d2i_read_bio integer errors leading to buffer overflow
bugzilla·2012-04-19·CVSS 7.5
CVE-2012-2110 [HIGH] CVE-2012-2110 openssl: asn1_d2i_read_bio integer errors leading to buffer overflow
Quoting Tavis Ormandy's advisory "Incorrect integer conversions in OpenSSL can result in memory corruption.":
asn1_d2i_read_bio in OpenSSL contains multiple integer errors that can
cause memory corruption when parsing encoded ASN.1 data. This error can be
exploited on systems that parse untrusted data, such as X.509 certificates
or RSA public keys.
Reference:
http://seclists.org/fulldisclosure/2012/Apr/210
Tavis's post also provides a link to an upstream advisory, which has not been published yet. Fixes are not yet available in the upstream CVS repository.
http://www.openssl.org/news/secadv_20120419.txt
Discussion:
Created mingw32-openssl tracking bugs for this issue
Affects: fedora-all [bug 814203]
---
References:
http://cvs.openssl.org/chngview?cn=22479
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
http://marc.info/?l=bugtraq&m=133728068926468&w=2
http://marc.info/?l=bugtraq&m=134039053214295&w=2
http://secunia.com/advisories/48895
http://secunia.com/advisories/48956
http://secunia.com/advisories/57353
http://support.apple.com/kb/HT5784
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.debian.org/security/2012/dsa-2454
http://www.mandriva.com/security/advisories?name=MDVSA-2012:064
http://www.openssl.org/news/secadv_20120424.txt
http://www.openwall.com/lists/oss-security/2012/04/24/1
http://www.securityfocus.com/bid/53212
http://www.securitytracker.com/id?1026957
http://www.ubuntu.com/usn/USN-1428-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/75099