← voltar
CVE-2012-2131

CVE-2012-2131

EPSS 17.0%
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
Produtos afetados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/18756não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://cvs.openssl.org/chngview?cn=22479http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.htmlhttp://marc.info/?l=bugtraq&m=133728068926468&w=2http://marc.info/?l=bugtraq&m=134039053214295&w=2http://secunia.com/advisories/48895http://secunia.com/advisories/48956http://secunia.com/advisories/57353https://exchange.xforce.ibmcloud.com/vulnerabilities/75099