CVE-2012-2131
CVE-2012-2131
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/18756no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://cvs.openssl.org/chngview?cn=22479http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.htmlhttp://marc.info/?l=bugtraq&m=133728068926468&w=2http://marc.info/?l=bugtraq&m=134039053214295&w=2http://secunia.com/advisories/48895http://secunia.com/advisories/48956http://secunia.com/advisories/57353https://exchange.xforce.ibmcloud.com/vulnerabilities/75099