VDB
DEBIAN-CVE-2012-2110
DEBIAN-CVE-2012-2110
PUBLISHED
CVSS 9.300000190734863 CRITICAL
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | openssl | 0, 0, 0 |
| Debian:11 | openssl | 0, 0, 0 |
| Debian:14 | openssl | 0, 0, 0 |
| Debian:13 | openssl | 0, 0, 0 |
Timeline
- Apr 19, 2012 CVE Published
- Apr 28, 2026 CVE Updated