DEBIAN-CVE-2012-2110

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2012-2110

Downstream

DSA-2454-1

Published: 19 Apr 2012, 17:55

Last modified:28 Apr 2026, 20:11

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Apr 2012, 17:55

Published

Vulnerability first disclosed

28 Apr 2026, 20:11

Last Modified

Vulnerability information updated

Description

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Affected Systems

debian•openssl
< 1.0.1a-1 | < 1.0.1a-1 | < 1.0.1a-1 | < 1.0.1a-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2012-2110