549 matches found
Linux kernel denial of service vulnerability (CNVD-2018-03167)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the crypto/pcrypt.c file in versions of Linux kernel prior to 4.14.13, which stems from the program's failure to properly handle the...
CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt CONFIGCRYPTOPCRYPT to cause a denial of service kfree of an incorrect pointer or possibly have unspecified other...
UBUNTU-CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt CONFIGCRYPTOPCRYPT to cause a denial of service kfree of an incorrect pointer or possibly have unspecified other...
CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt CONFIGCRYPTOPCRYPT to cause a denial of service kfree of an incorrect pointer or possibly have unspecified other...
[ASA-201705-16] openvpn: denial of service
Arch Linux Security Advisory ASA-201705-16 ========================================== Severity: High Date : 2017-05-13 CVE-ID : CVE-2017-7478 CVE-2017-7479 Package : openvpn Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-271 Summary ======= The package openvpn...
RUSTSEC-2016-0005 rust-crypto is unmaintained; switch to a modern alternative
The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. NOTE: The old rust-crypto crate with hyphen should not be confused with similarly named new RustCrypto GitHub Org without hyphen. The GitHub Org is actively maintained. We recommend you switc...
CVE-2015-3331
The driverrfc4106decrypt function in arch/x86/crypto/aesni-intelglue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service buffer overflow and system crash or possibly...
CVE-2015-3331
CVE-2015-3331 affects the Linux kernel up to 3.19.2, where __driver_rfc4106_decrypt in arch/x86/crypto/aesni-intel_glue.c mishandles memory locations for encrypted data, enabling a context-dependent attacker to trigger a buffer overflow via a crypto API call (e.g., with a libkcapi test program us...
CVE-2015-3331
The driverrfc4106decrypt function in arch/x86/crypto/aesni-intelglue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service buffer overflow and system crash or possibly...