openssl: ASN.1 BIO handling of large amounts of data

A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO OpenSSL's I/O abstraction inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data...

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

openssl: ASN.1 BIO handling of large amounts of data

A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO OpenSSL's I/O abstraction inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data...

Internet Bug Bounty: Multiple use after frees in obj2ast_* methods

Multiple UAFs in Python AST API. link to bugtracker...

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

USN-2976-1 linux-lts-utopic vulnerability

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privilege...

openssl: ASN.1 BIO handling of large amounts of data

A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO OpenSSL's I/O abstraction inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data...

OpenSSL ASN.1 BIO Memory Overallocation Vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. A memory...

OpenSSL EBCDIC Out-of-Bounds Read Vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. An out-of-bounds...

Wireshark ASN.1 BER parser denial of service vulnerability (CNVD-2016-02775)

Wireshark formerly known as Ethereal is a suite of network packet analysis software developed by the Wireshark team. A denial of service vulnerability exists in the epan/dissectors/packet-ber.c file in the ASN.1 BER parser in Wireshark versions 1.12.x prior to 1.12.10, and versions 2.x prior to...

Mozilla Network Security Services Buffer Overflow Vulnerability

Mozilla Network Security Services is a library that provides cross-platform support for SSL, S/MIME and other Internet security standards. A buffer overflow vulnerability in the parsing of ASN.1 structures by Mozilla Network Security Services could be exploited by a remote attacker to construct a...

Wireshark ASN.1 BER Parser Denial of Service Vulnerability

Wireshark is the most popular network protocol parser. A denial of service vulnerability exists in the Wireshark ASN.1 BER parser, which can be exploited by an attacker to cause a denial of service out-of-bounds read and application crash...

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the ASN.1 decoder in the Mac OS X operating system is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption using a specially crafted certificate...

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the ASN.1 decoder in the Mac OS X operating system is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption using a specially crafted certificate...

OpenSSL ASN.1 Signed Null Pointer Reference Vulnerability

OpenSSL is an open source implementation of SSL for strong encryption of network communications. OpenSSL has a security vulnerability that can be exploited by a remote attacker to send a special ASN.1 signed certificate that uses the RSA PSS algorithm but does not contain the MAST generator...

nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

Mozilla Firefox and Firefox ESR Network Security Services Heap Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox.Mozilla Network Security Services NSS is a library of network security services. A buffer overflow vulnerability in the ASN.1 decoder used in Mozilla Firefox and Firefox ESR could allow an attacke...

nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)

A use-after-poison flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...