OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability

OpenSSL is prone to a remote memory-corruption vulnerability because of integer-truncation errors. Specifically, the issue exists due to incomplete fix for CVE-2012-2110 (BID 53158 - OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability).

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in a denial-of-service condition.

OpenSSL 0.9.8v is affected.


 

Privacy Statement
Copyright 2010, SecurityFocus