CVE-2012-2131

OpenSSL 0.9.8v - Buffer Overflow via Crafted DER Data

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2131. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary This is a detailed technical writeup explaining the integer conversion vulnerabilities in OpenSSL (CVE-2012-2110) that lead to memory corruption. It describes how improper handling of ASN.1 data can result in heap overflows due to incorrect integer truncation and sign extension.

Description

Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tavis Ormandy · textdosmultiple
https://www.exploit-db.com/exploits/18756

This is a detailed technical writeup explaining the integer conversion vulnerabilities in OpenSSL (CVE-2012-2110) that lead to memory corruption. It describes how improper handling of ASN.1 data can result in heap overflows due to incorrect integer truncation and sign extension.

Classification
Writeup 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: OpenSSL up to and including version 1.0.1
No auth needed
Prerequisites: Ability to provide maliciously crafted ASN.1 data to a vulnerable OpenSSL instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (21)

Core 21
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:064
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1428-1
Vendor Advisory x_refsource_confirm
http://cvs.openssl.org/chngview?cn=22479
Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20120424.txt
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2454
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5784
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48895
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75099
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48956
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/24/1
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134039053214295&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57353
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133728068926468&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026957
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53212

Scores

EPSS 0.1700
EPSS Percentile 96.7%

Details

CWE
CWE-189
Status published
Products (1)
openssl/openssl 0.9.8v
Published Apr 24, 2012
Tracked Since Feb 18, 2026