Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2012-AVI-479
Vulnerability from certfr_avis - Published: 2012-09-03 - Updated: 2012-09-03
De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles concernent les éléments d'éditeurs tiers implémentés dans les solutions. Les éléments suivants ont étés mis à jour :
- Java Runtime Environment (JRE) ;
- OpenSSL ;
- le noyau ;
- Perl ;
- libxml2 ;
- glibc ;
- GnuTLS ;
- popt et rpm ;
- Apache struts.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware ESX version 4.1 ; | ||
| VMware | N/A | VMware vCO version 4.0. | ||
| VMware | N/A | VMware vCenter version 5.0 ; | ||
| VMware | N/A | VMware vCOps version 1.0.x ; | ||
| VMware | ESXi | VMware ESXi version 3.5 ; | ||
| VMware | N/A | VMware Update Manager version 5.0 ; | ||
| VMware | N/A | VMware Update Manager version 4.0 ; | ||
| VMware | N/A | VMware vCO version 4.1 ; | ||
| VMware | ESXi | VMware ESXi version 4.1 ; | ||
| VMware | N/A | VMware vCenter version 4.0 ; | ||
| VMware | N/A | VMware vCenter version 4.1 ; | ||
| VMware | N/A | VMware vCOps version 5.0.2 ; | ||
| VMware | ESXi | VMware ESXi version 4.0 ; | ||
| VMware | N/A | VMware VirtualCenter version 2.5 ; | ||
| VMware | N/A | VMware Update Manager version 4.1 ; | ||
| VMware | ESXi | VMware ESXi version 5.0 ; | ||
| VMware | N/A | VMware ESX version 4.0 ; | ||
| VMware | N/A | VMware ESX version 3.5 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESX version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCO version 4.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCOps version 1.0.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 3.5 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCO version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.1 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCOps version 5.0.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.0 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware VirtualCenter version 2.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 5.0 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 3.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1833"
},
{
"name": "CVE-2012-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
},
{
"name": "CVE-2011-4132",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4132"
},
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2012-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
},
{
"name": "CVE-2011-5057",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5057"
},
{
"name": "CVE-2010-4252",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2011-2496",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2496"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2011-4577",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2012-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1569"
},
{
"name": "CVE-2011-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4324"
},
{
"name": "CVE-2011-4110",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4110"
},
{
"name": "CVE-2011-4108",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
},
{
"name": "CVE-2012-1583",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1583"
},
{
"name": "CVE-2010-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
},
{
"name": "CVE-2012-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0060"
},
{
"name": "CVE-2012-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0391"
},
{
"name": "CVE-2011-4325",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4325"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2012-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0061"
},
{
"name": "CVE-2010-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2011-3209",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3209"
},
{
"name": "CVE-2010-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
},
{
"name": "CVE-2012-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0392"
},
{
"name": "CVE-2012-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0394"
},
{
"name": "CVE-2012-0815",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0815"
},
{
"name": "CVE-2011-3188",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3188"
},
{
"name": "CVE-2011-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1020"
},
{
"name": "CVE-2011-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
},
{
"name": "CVE-2012-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1573"
},
{
"name": "CVE-2011-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4128"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2484"
},
{
"name": "CVE-2012-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0393"
},
{
"name": "CVE-2011-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
},
{
"name": "CVE-2011-3363",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3363"
},
{
"name": "CVE-2011-2699",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2699"
},
{
"name": "CVE-2011-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
}
],
"initial_release_date": "2012-09-03T00:00:00",
"last_revision_date": "2012-09-03T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-479",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles concernent les \u00e9l\u00e9ments d\u0027\u00e9diteurs\ntiers impl\u00e9ment\u00e9s dans les solutions. Les \u00e9l\u00e9ments suivants ont \u00e9t\u00e9s mis\n\u00e0 jour :\n\n- Java Runtime Environment (JRE) ;\n- OpenSSL ;\n- le noyau ;\n- Perl ;\n- libxml2 ;\n- glibc ;\n- GnuTLS ;\n- popt et rpm ;\n- Apache struts.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0013 du 30 ao\u00fbt 2012",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0013.html"
}
]
}
CVE-2012-0864 (GCVE-0-2012-0864)
Vulnerability from cvelistv5 – Published: 2013-05-02 14:00 – Updated: 2024-08-06 18:38
VLAI
EPSS
Summary
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-0531.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/52201 | vdb-entryx_refsource_BID |
| http://rhn.redhat.com/errata/RHSA-2012-0393.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2012-0397.html | vendor-advisoryx_refsource_REDHAT |
| http://sourceware.org/git/?p=glibc.git%3Ba=commit… | x_refsource_MISC |
| http://rhn.redhat.com/errata/RHSA-2012-0488.html | vendor-advisoryx_refsource_REDHAT |
| http://sourceware.org/ml/libc-alpha/2012-02/msg00… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=794766 | x_refsource_CONFIRM |
| http://www.phrack.org/issues.html?issue=67&id=9#article | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "52201",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52201"
},
{
"name": "RHSA-2012:0393",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html"
},
{
"name": "RHSA-2012:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
},
{
"name": "RHSA-2012:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-02T14:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "52201",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52201"
},
{
"name": "RHSA-2012:0393",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html"
},
{
"name": "RHSA-2012:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
},
{
"name": "RHSA-2012:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0864",
"datePublished": "2013-05-02T14:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1569 (GCVE-0-2012-1569)
Vulnerability from cvelistv5 – Published: 2012-03-26 19:00 – Updated: 2024-08-06 19:01
VLAI
EPSS
Summary
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
33 references
Date Public
2012-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57260"
},
{
"name": "RHSA-2012:0427",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html"
},
{
"name": "48578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48578"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "49002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49002"
},
{
"name": "FEDORA-2012-4357",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html"
},
{
"name": "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/20/8"
},
{
"name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/5"
},
{
"name": "48488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48488"
},
{
"name": "USN-1436-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1436-1"
},
{
"name": "FEDORA-2012-4342",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html"
},
{
"name": "FEDORA-2012-4451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920"
},
{
"name": "RHSA-2012:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "FEDORA-2012-4308",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html"
},
{
"name": "SUSE-SU-2014:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "[gnutls-devel] 20120316 gnutls 3.0.16",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932"
},
{
"name": "1026829",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026829"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "48596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48596"
},
{
"name": "50739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50739"
},
{
"name": "48397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48397"
},
{
"name": "48505",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48505"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/"
},
{
"name": "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53"
},
{
"name": "[help-libtasn1] 20120319 minimal fix to security issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54"
},
{
"name": "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/20/3"
},
{
"name": "DSA-2440",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2440"
},
{
"name": "MDVSA-2012:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039"
},
{
"name": "FEDORA-2012-4409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html"
},
{
"name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html"
},
{
"name": "FEDORA-2012-4417",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "57260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57260"
},
{
"name": "RHSA-2012:0427",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html"
},
{
"name": "48578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48578"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "49002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49002"
},
{
"name": "FEDORA-2012-4357",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html"
},
{
"name": "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/20/8"
},
{
"name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/5"
},
{
"name": "48488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48488"
},
{
"name": "USN-1436-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1436-1"
},
{
"name": "FEDORA-2012-4342",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html"
},
{
"name": "FEDORA-2012-4451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920"
},
{
"name": "RHSA-2012:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "FEDORA-2012-4308",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html"
},
{
"name": "SUSE-SU-2014:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "[gnutls-devel] 20120316 gnutls 3.0.16",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932"
},
{
"name": "1026829",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026829"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "48596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48596"
},
{
"name": "50739",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50739"
},
{
"name": "48397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48397"
},
{
"name": "48505",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48505"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/"
},
{
"name": "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53"
},
{
"name": "[help-libtasn1] 20120319 minimal fix to security issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54"
},
{
"name": "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/20/3"
},
{
"name": "DSA-2440",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2440"
},
{
"name": "MDVSA-2012:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039"
},
{
"name": "FEDORA-2012-4409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html"
},
{
"name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html"
},
{
"name": "FEDORA-2012-4417",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57260"
},
{
"name": "RHSA-2012:0427",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html"
},
{
"name": "48578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48578"
},
{
"name": "RHSA-2012:0531",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "49002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49002"
},
{
"name": "FEDORA-2012-4357",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html"
},
{
"name": "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/20/8"
},
{
"name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/5"
},
{
"name": "48488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48488"
},
{
"name": "USN-1436-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1436-1"
},
{
"name": "FEDORA-2012-4342",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html"
},
{
"name": "FEDORA-2012-4451",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html"
},
{
"name": "http://www.gnu.org/software/gnutls/security.html",
"refsource": "CONFIRM",
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=804920",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920"
},
{
"name": "RHSA-2012:0488",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "FEDORA-2012-4308",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html"
},
{
"name": "SUSE-SU-2014:0320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "[gnutls-devel] 20120316 gnutls 3.0.16",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932"
},
{
"name": "1026829",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026829"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0596.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "48596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48596"
},
{
"name": "50739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50739"
},
{
"name": "48397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48397"
},
{
"name": "48505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48505"
},
{
"name": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
"refsource": "MISC",
"url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/"
},
{
"name": "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53"
},
{
"name": "[help-libtasn1] 20120319 minimal fix to security issue",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54"
},
{
"name": "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/20/3"
},
{
"name": "DSA-2440",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2440"
},
{
"name": "MDVSA-2012:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039"
},
{
"name": "FEDORA-2012-4409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html"
},
{
"name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html"
},
{
"name": "FEDORA-2012-4417",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1569",
"datePublished": "2012-03-26T19:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1573 (GCVE-0-2012-1573)
Vulnerability from cvelistv5 – Published: 2012-03-26 19:00 – Updated: 2024-08-06 19:01
VLAI
EPSS
Summary
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
27 references
Date Public
2012-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1418-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1418-1"
},
{
"name": "57260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57260"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "[gnutls-devel] 20120302 gnutls 3.0.15",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432"
},
{
"name": "48511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48511"
},
{
"name": "80259",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80259"
},
{
"name": "52667",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52667"
},
{
"name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/5"
},
{
"name": "48488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48488"
},
{
"name": "48712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"name": "1026828",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026828"
},
{
"name": "FEDORA-2012-4569",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html"
},
{
"name": "FEDORA-2012-4578",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html"
},
{
"name": "RHSA-2012:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "SUSE-SU-2014:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "48596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48596"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d"
},
{
"name": "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/4"
},
{
"name": "[gnutls-devel] 20120302 gnutls 2.12.16",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910"
},
{
"name": "DSA-2441",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2441"
},
{
"name": "MDVSA-2012:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040"
},
{
"name": "RHSA-2012:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html"
},
{
"name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-1418-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1418-1"
},
{
"name": "57260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57260"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "[gnutls-devel] 20120302 gnutls 3.0.15",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432"
},
{
"name": "48511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48511"
},
{
"name": "80259",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80259"
},
{
"name": "52667",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52667"
},
{
"name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/5"
},
{
"name": "48488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48488"
},
{
"name": "48712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"name": "1026828",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026828"
},
{
"name": "FEDORA-2012-4569",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html"
},
{
"name": "FEDORA-2012-4578",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html"
},
{
"name": "RHSA-2012:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "SUSE-SU-2014:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "48596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48596"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d"
},
{
"name": "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/4"
},
{
"name": "[gnutls-devel] 20120302 gnutls 2.12.16",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910"
},
{
"name": "DSA-2441",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2441"
},
{
"name": "MDVSA-2012:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040"
},
{
"name": "RHSA-2012:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html"
},
{
"name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1418-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1418-1"
},
{
"name": "57260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57260"
},
{
"name": "RHSA-2012:0531",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "[gnutls-devel] 20120302 gnutls 3.0.15",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=805432",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432"
},
{
"name": "48511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48511"
},
{
"name": "80259",
"refsource": "OSVDB",
"url": "http://osvdb.org/80259"
},
{
"name": "52667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52667"
},
{
"name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/5"
},
{
"name": "48488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48488"
},
{
"name": "48712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48712"
},
{
"name": "http://www.gnu.org/software/gnutls/security.html",
"refsource": "CONFIRM",
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"name": "1026828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026828"
},
{
"name": "FEDORA-2012-4569",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html"
},
{
"name": "FEDORA-2012-4578",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html"
},
{
"name": "RHSA-2012:0488",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "SUSE-SU-2014:0320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "48596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48596"
},
{
"name": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
"refsource": "MISC",
"url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d"
},
{
"name": "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/4"
},
{
"name": "[gnutls-devel] 20120302 gnutls 2.12.16",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910"
},
{
"name": "DSA-2441",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2441"
},
{
"name": "MDVSA-2012:040",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040"
},
{
"name": "RHSA-2012:0429",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html"
},
{
"name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1573",
"datePublished": "2012-03-26T19:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:01.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1583 (GCVE-0-2012-1583)
Vulnerability from cvelistv5 – Published: 2012-06-16 21:00 – Updated: 2024-08-06 19:01
VLAI
EPSS
Summary
Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=752304 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1026930 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/53139 | vdb-entryx_refsource_BID |
| http://rhn.redhat.com/errata/RHSA-2012-0488.html | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/48881 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=133951357207000&w=2 | vendor-advisoryx_refsource_HP |
| http://ftp.osuosl.org/pub/linux/kernel/v2.6/Chang… | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=133951357207000&w=2 | vendor-advisoryx_refsource_HP |
| https://github.com/torvalds/linux/commit/d0772b70… | x_refsource_CONFIRM |
Date Public
2007-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d0772b70faaf8e9f2013b6c4273d94d5eac8047a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=752304"
},
{
"name": "1026930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026930"
},
{
"name": "53139",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53139"
},
{
"name": "RHSA-2012:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "48881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48881"
},
{
"name": "SSRT100852",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22"
},
{
"name": "HPSBMU02776",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/d0772b70faaf8e9f2013b6c4273d94d5eac8047a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-19T15:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d0772b70faaf8e9f2013b6c4273d94d5eac8047a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=752304"
},
{
"name": "1026930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026930"
},
{
"name": "53139",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53139"
},
{
"name": "RHSA-2012:0488",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "48881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48881"
},
{
"name": "SSRT100852",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22"
},
{
"name": "HPSBMU02776",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/d0772b70faaf8e9f2013b6c4273d94d5eac8047a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1583",
"datePublished": "2012-06-16T21:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2110 (GCVE-0-2012-2110)
Vulnerability from cvelistv5 – Published: 2012-04-19 17:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
43 references
Date Public
2012-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:07.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2012:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
},
{
"name": "SUSE-SU-2012:1149",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "SSRT101210",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-18035",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"name": "48899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48899"
},
{
"name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
},
{
"name": "RHSA-2012:1308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.openssl.org/chngview?cn=22434"
},
{
"name": "MDVSA-2012:060",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
},
{
"name": "RHSA-2012:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"name": "18756",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18756"
},
{
"name": "RHSA-2012:0518",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
},
{
"name": "DSA-2454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "USN-1424-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1424-1"
},
{
"name": "48895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48895"
},
{
"name": "48847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.openssl.org/chngview?cn=22439"
},
{
"name": "RHSA-2012:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"name": "SUSE-SU-2012:0637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
},
{
"name": "RHSA-2012:0522",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
},
{
"name": "FEDORA-2012-6343",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
},
{
"name": "HPSBOV02793",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57353"
},
{
"name": "53158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53158"
},
{
"name": "HPSBUX02782",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "FEDORA-2012-6395",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
},
{
"name": "SSRT100852",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "48942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20120419.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.openssl.org/chngview?cn=22431"
},
{
"name": "1026957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026957"
},
{
"name": "48999",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48999"
},
{
"name": "HPSBMU02776",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "81223",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81223"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-6403",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/KB27376"
},
{
"name": "SSRT100844",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2012:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
},
{
"name": "SUSE-SU-2012:1149",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "SSRT101210",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-18035",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"name": "48899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48899"
},
{
"name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
},
{
"name": "RHSA-2012:1308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.openssl.org/chngview?cn=22434"
},
{
"name": "MDVSA-2012:060",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
},
{
"name": "RHSA-2012:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"name": "18756",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18756"
},
{
"name": "RHSA-2012:0518",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
},
{
"name": "DSA-2454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "USN-1424-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1424-1"
},
{
"name": "48895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48895"
},
{
"name": "48847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.openssl.org/chngview?cn=22439"
},
{
"name": "RHSA-2012:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"name": "SUSE-SU-2012:0637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
},
{
"name": "RHSA-2012:0522",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
},
{
"name": "FEDORA-2012-6343",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
},
{
"name": "HPSBOV02793",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57353"
},
{
"name": "53158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53158"
},
{
"name": "HPSBUX02782",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "FEDORA-2012-6395",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
},
{
"name": "SSRT100852",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "48942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20120419.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.openssl.org/chngview?cn=22431"
},
{
"name": "1026957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026957"
},
{
"name": "48999",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48999"
},
{
"name": "HPSBMU02776",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "81223",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81223"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-6403",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/KB27376"
},
{
"name": "SSRT100844",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html"
},
{
"name": "SUSE-SU-2012:1149",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "SSRT101210",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-18035",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"name": "48899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48899"
},
{
"name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html"
},
{
"name": "RHSA-2012:1308",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"name": "http://cvs.openssl.org/chngview?cn=22434",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=22434"
},
{
"name": "MDVSA-2012:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060"
},
{
"name": "RHSA-2012:1307",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"name": "18756",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18756"
},
{
"name": "RHSA-2012:0518",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html"
},
{
"name": "DSA-2454",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2454"
},
{
"name": "http://support.apple.com/kb/HT5784",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "USN-1424-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1424-1"
},
{
"name": "48895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48895"
},
{
"name": "48847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48847"
},
{
"name": "http://cvs.openssl.org/chngview?cn=22439",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=22439"
},
{
"name": "RHSA-2012:1306",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"name": "SUSE-SU-2012:0637",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html"
},
{
"name": "RHSA-2012:0522",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html"
},
{
"name": "FEDORA-2012-6343",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html"
},
{
"name": "HPSBOV02793",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57353"
},
{
"name": "53158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53158"
},
{
"name": "HPSBUX02782",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "FEDORA-2012-6395",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html"
},
{
"name": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578",
"refsource": "CONFIRM",
"url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
},
{
"name": "SSRT100852",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "48942",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48942"
},
{
"name": "http://www.openssl.org/news/secadv_20120419.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20120419.txt"
},
{
"name": "http://cvs.openssl.org/chngview?cn=22431",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=22431"
},
{
"name": "1026957",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026957"
},
{
"name": "48999",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48999"
},
{
"name": "HPSBMU02776",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "81223",
"refsource": "OSVDB",
"url": "http://osvdb.org/81223"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "FEDORA-2012-6403",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html"
},
{
"name": "https://kb.juniper.net/KB27376",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/KB27376"
},
{
"name": "SSRT100844",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2110",
"datePublished": "2012-04-19T17:00:00.000Z",
"dateReserved": "2012-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:07.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…