PT-2012-3826 · OpenSSL +3
Published
2012-04-24
·
Updated
2018-01-05
·
CVE-2012-2131
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenSSL version 0.9.8v
Description
The issue is caused by multiple integer signedness errors in crypto/buffer/buffer.c. In the 0.9.8 branch the length argument of BUF_MEM_grow and BUF_MEM_grow_clean is an int, so an oversized length computed while decoding DER becomes negative on conversion, satisfies the "buffer already large enough" comparison, and no memory is allocated before the caller writes into the buffer. Remote attackers can trigger this via crafted DER data, such as an X.509 certificate or an RSA public key, to corrupt memory and cause a denial of service or possibly have other unspecified impact. The vulnerability exists because the fix for CVE-2012-2110 shipped in 0.9.8v was incomplete.
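To make the signedness error concrete, the following is an added example written for this page, not OpenSSL's own code. It models a 0.9.8-style growable buffer whose lengths are int, a DER length decoder, and a reader that asks the buffer to grow by a size_t computed from a constructed DER length field. The names buf_mem, buf_grow_vulnerable, buf_grow_fixed, der_length, reader_wants and demo are all hypothetical; the sample length bytes are constructed and are not taken from any real certificate. The hardened routine mirrors the approach of the 0.9.8w fix (reject a negative len before comparing it).

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a 0.9.8-era BUF_MEM: lengths are int.
 * Model written for this page, not OpenSSL's code. */
typedef struct {
    int length;            /* bytes currently in use */
    int max;               /* bytes allocated */
    unsigned char *data;
} buf_mem;

/* Vulnerable pattern: len is an int. If the caller computed the size as
 * size_t and it exceeds INT_MAX, the conversion yields a negative value;
 * "str->length >= len" is then trivially true, nothing is allocated, and a
 * non-zero (negative) value is returned, which the caller reads as success. */
int buf_grow_vulnerable(buf_mem *str, int len)
{
    if (str->length >= len) {          /* true for any negative len */
        str->length = len;
        return len;
    }
    if (str->max >= len) {
        memset(str->data + str->length, 0, (size_t)(len - str->length));
        str->length = len;
        return len;
    }
    unsigned char *p = realloc(str->data, (size_t)len);
    if (p == NULL)
        return 0;
    str->data = p;
    str->max = len;
    str->length = len;
    return len;
}

/* Hardened pattern (same idea as the 0.9.8w fix): refuse a negative len
 * before any comparison can be fooled by it. Otherwise identical. */
int buf_grow_fixed(buf_mem *str, int len)
{
    if (len < 0)
        return 0;
    return buf_grow_vulnerable(str, len);
}

/* Decode a DER length field (short or long form). Returns 1 on success. */
int der_length(const unsigned char *p, size_t n, size_t *out)
{
    if (n == 0)
        return 0;
    if ((p[0] & 0x80) == 0) {          /* short form: single octet */
        *out = p[0];
        return 1;
    }
    size_t k = p[0] & 0x7f;            /* long form: k length octets follow */
    if (k == 0 || k > sizeof(size_t) || n < 1 + k)
        return 0;
    size_t v = 0;
    for (size_t i = 0; i < k; i++)
        v = (v << 8) | p[1 + i];
    *out = v;
    return 1;
}

/* Model of the calling site: the reader needs `want` more bytes and asks
 * the buffer to grow to length + want. Returns the number of bytes the
 * reader would then go on to copy into str->data, or 0 if refused. The
 * cast is explicit here to make the size_t -> int conversion visible; in
 * the real caller it happened implicitly. */
size_t reader_wants(buf_mem *str, size_t want, int (*grow)(buf_mem *, int))
{
    size_t need = (size_t)str->length + want;
    if (!grow(str, (int)need))         /* signedness bug lives in this call */
        return 0;
    return want;
}

/* Constructed sample: a long-form DER length claiming 0x80000001 content
 * bytes (one more than INT_MAX on 32-bit int). Not a real certificate. */
static const unsigned char sample_len[] = { 0x84, 0x80, 0x00, 0x00, 0x01 };

/* Bytes a reader would be allowed to write after requesting `want`. */
size_t demo(size_t want, int (*grow)(buf_mem *, int))
{
    buf_mem b = { 0, 0, NULL };
    size_t r = reader_wants(&b, want, grow);
    free(b.data);
    return r;
}

/* Same, with `want` parsed from the constructed DER length field. */
size_t demo_sample(int (*grow)(buf_mem *, int))
{
    size_t want = 0;
    if (!der_length(sample_len, sizeof sample_len, &want))
        return 0;
    return demo(want, grow);
}

int main(void)
{
    printf("vulnerable: reader may write %zu bytes into a 0-byte buffer\n",
           demo_sample(buf_grow_vulnerable));
    printf("fixed:      reader may write %zu bytes\n",
           demo_sample(buf_grow_fixed));
    return 0;
}
```

With the constructed length the vulnerable routine reports success while str->max stays 0, so the reader believes it may write about 2 GiB into an unallocated buffer; the fixed routine refuses. The check assumes a 32-bit int, which is the case on every platform OpenSSL 0.9.8 shipped on. A caller-side bound (refusing need > INT_MAX before the call) is the natural complement to the library-side check.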
Recommendations
For OpenSSL version 0.9.8v, upgrade to 0.9.8w or later, which rejects negative lengths in BUF_MEM_grow and BUF_MEM_grow_clean; 0.9.8v is affected precisely because its fix for CVE-2012-2110 was incomplete on the 0.9.8 branch. Until the update is applied, reduce exposure by not decoding DER from untrusted sources with the affected library: for example, avoid enabling client certificate authentication on TLS servers and do not load untrusted X.509 certificates or RSA public keys.
Exploit
Fix
DoS
Affected Products
HP-UX
IBM AIX
OpenSSL
SUSE