FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- integer conversions result in memory corruption

Affected packages
openssl < 1.0.1_1

Details

VuXML ID 7184f92e-8bb8-11e1-8d7b-003067b2972c
Discovery 2012-04-19
Entry 2012-04-21

OpenSSL security team reports:

A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.
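The advisory identifies the affected functions by name pattern (d2i_*_bio and d2i_*_fp). As an added example, not part of the VuXML entry or the OpenSSL advisory, the following Python script locates call sites of that form in C source so each one can be reviewed for untrusted DER input. The function name find_stream_d2i_calls and the sample source are constructed for illustration.

```python
import re
from collections import defaultdict

# Name pattern taken from the advisory: d2i_*_bio or d2i_*_fp, followed by "(".
CALL_RE = re.compile(r"\b(d2i_\w+_(?:bio|fp))\s*\(")

# C comments and string/char literals are skipped so that commented-out code
# and log messages are not reported as call sites.
COMMENT = r"/\*.*?\*/|//[^\n]*"
STRING = r'"(?:\\.|[^"\\\n])*"'
CHAR = r"'(?:\\.|[^'\\\n])*'"
SKIP_RE = re.compile("|".join([COMMENT, STRING, CHAR]), re.DOTALL)

def _blank(match):
    # Replace skipped text with spaces but keep newlines so line numbers hold.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_stream_d2i_calls(source):
    """Return {function_name: [line numbers]} for d2i_*_bio / d2i_*_fp uses."""
    cleaned = SKIP_RE.sub(_blank, source)
    hits = defaultdict(list)
    for m in CALL_RE.finditer(cleaned):
        line = cleaned.count("\n", 0, m.start()) + 1
        hits[m.group(1)].append(line)
    return dict(hits)

# Constructed sample source (not taken from any real project).
SAMPLE_C = r'''
#include <openssl/x509.h>
#include <openssl/pkcs12.h>

/* old path: d2i_X509_fp(fp, NULL); */
X509 *load_cert(BIO *in) {
    return d2i_X509_bio(in, NULL);
}
PKCS12 *load_p12(FILE *fp) {
    log_msg("calling d2i_PKCS12_fp()");   // d2i_PKCS12_fp(fp, NULL)
    return d2i_PKCS12_fp (fp, NULL);
}
X509 *from_mem(const unsigned char **p, long n) {
    return d2i_X509(NULL, p, n);
}
'''

if __name__ == "__main__":
    for name, lines in sorted(find_stream_d2i_calls(SAMPLE_C).items()):
        print(f"{name}: line(s) {', '.join(map(str, lines))}")
```

Function prototypes in headers match the same pattern, so run the scan over application sources rather than over the OpenSSL include directory.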

References

CVE Name CVE-2012-2110
Message 20120419103522.GN30784@cmpxchg8b.com
URL http://www.openssl.org/news/secadv_20120419.txt