View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2012-2110 severity moderate: SUSE including 158 source package names (compat-openssl097g-0.9.7g-146.22.1, compat-openssl097g-32bit-0.9.7g-146.22.1, …), 365 product×package rows across 58 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (58 product lines)): Fixed 200, Known Not Affected 165.
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.