oss-sec mailing list archives
OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
From: Solar Designer <solar () openwall com>
Date: Fri, 20 Apr 2012 13:11:19 +0400
Hi, This should have been posted in here yesterday (and by someone more familiar with the topic), but better a bit late than never. Tavis Ormandy of Google Security Team found a vulnerability in OpenSSL: incorrect integer conversions in OpenSSL can result in memory corruption. http://lists.openwall.net/full-disclosure/2012/04/19/4 Advisory from OpenSSL: http://openssl.org/news/secadv_20120419.txt Fortunately, the SSL/TLS code of OpenSSL is not affected - but some other uses of OpenSSL are. There are updates for 1.0.1, 1.0.0, and 0.9.8. Alexander
Current thread:
- OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 20)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tomas Hoger (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)