openssl: ASN.1 BIO handling of large amounts of data

A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO OpenSSL's I/O abstraction inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data...

OpenSSL ASN.1 BIO Memory Overallocation Vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. A memory...

Mozilla Network Security Services Buffer Overflow Vulnerability

Mozilla Network Security Services is a library that provides cross-platform support for SSL, S/MIME and other Internet security standards. A buffer overflow vulnerability in the parsing of ASN.1 structures by Mozilla Network Security Services could be exploited by a remote attacker to construct a...

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the ASN.1 decoder in the Mac OS X operating system is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption using a specially crafted certificate...

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the ASN.1 decoder in the Mac OS X operating system is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption using a specially crafted certificate...

OpenSSL ASN.1 Signed Null Pointer Reference Vulnerability

OpenSSL is an open source implementation of SSL for strong encryption of network communications. OpenSSL has a security vulnerability that can be exploited by a remote attacker to send a special ASN.1 signed certificate that uses the RSA PSS algorithm but does not contain the MAST generator...

nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

Mozilla Firefox and Firefox ESR Network Security Services Heap Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox.Mozilla Network Security Services NSS is a library of network security services. A buffer overflow vulnerability in the ASN.1 decoder used in Mozilla Firefox and Firefox ESR could allow an attacke...

nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)

A use-after-poison flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

[SECURITY] Fedora 21 Update: libtasn1-4.4-1.fc21

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding func tions...

openssl: ASN.1 structure reuse memory corruption

An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash...

Debian Security Advisory DSA 3056-1 (libtasn1-3 - security update)

Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 Abstract Syntax Notation One structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference. OpenVAS Vulnerability Test $Id: deb3056.nasl 6750 2017-07-18...

nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)

A flaw was found in the way NSS parsed ASN.1 Abstract Syntax Notation One input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS...

CentOS Update for libtasn1 CESA-2014:0596 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 20 Update: libtasn1-3.6-1.fc20

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding func tions...

UBUNTU-CVE-2013-5018

The isasn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1length function, which allows remote attackers to cause a denial of service segmentation fault via a 1 XAuth username, 2 EAP identity, or 3 PEM encoded file that starts with a 0x04, 0x30,...

Fedora Update for nodejs-asn1 FEDORA-2013-11780

Check for the Version of nodejs-asn1 OpenVAS Vulnerability Test Fedora Update for nodejs-asn1 FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

Updated nss and nspr packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...

DEBIAN-CVE-2012-0441

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services NSS before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a...