Lucene search
K

38 matches found

OSV
OSV
added 2024/06/07 11:8 a.m.7 views

OESA-2024-1700 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: GNU Libtasn1 before 4.19.0 has an ETYPEOK off-by-one array size check that affects asn1encodesimpleder.CVE-2021-46848...

9.1CVSS7AI score0.02062EPSS
Exploits1References2
OSV
OSV
added 2024/06/07 11:8 a.m.4 views

OESA-2024-1699 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: GNU Libtasn1 before 4.19.0 has an ETYPEOK off-by-one array size check that affects asn1encodesimpleder.CVE-2021-46848...

9.1CVSS7AI score0.02062EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.2 views

SUSE CVE-2015-0289

The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service NULL pointer dereference and application crash by leveraging an applicati...

5CVSS8.4AI score0.0837EPSS
Exploits0References39
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.2 views

SUSE CVE-2016-2109

The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service memory consumption via a short invalid encoding...

7.5CVSS9.2AI score0.2921EPSS
Exploits1References26
RedHat Linux
RedHat Linux
added 2023/01/23 3:30 p.m.6 views

libtasn1: Out-of-bound access in ETYPE_OK

An out-of-bounds read flaw was found in Libtasn1 due to an ETYPEOK off-by-one error in the asn1encodesimpleder function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly...

9.1CVSS6.8AI score0.02062EPSS
Exploits1References4
OSV
OSV
added 2022/10/28 11:4 a.m.4 views

OESA-2022-2030 libtasn1 security update

Libtasn1 is the ASN.1 library used by GnuTLS, p11-kit and some other packages.The goal of this implementation is to be highly portable, and only require an ANSI C99 platform.This library provides Abstract Syntax Notation One ASN.1,as specified by the X.680 ITU-T recommendation parsing and...

9.1CVSS7AI score0.02062EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/24 12:0 a.m.2 views

GNU Libtasn1 缓冲区错误漏洞

Libtasn1 is an ASN.1 library used by GnuTLS, p11-kit, and several other packages in the US GNU community. A buffer error vulnerability exists in GNU Libtasn1 versions prior to 4.19.0, which stems from its ETYPEOK array size check affecting asn1encodesimpleder...

9.1CVSS7.4AI score0.02062EPSS
Exploits1References27
CNVD
CNVD
added 2019/12/24 12:0 a.m.2 views

libIEC61850 'BerDecoder_decodeUint32' function buffer overflow vulnerability

libIEC61850 is an open source library for the IEC 61850 protocol. A buffer overflow vulnerability exists in the 'BerDecoderdecodeUint32' function in the mms/asn1/berdecode.c file in libIEC61850 version 1.4.0. The vulnerability stems from a networked system or product performing operations in memo...

6.5CVSS7.3AI score0.00935EPSS
Exploits1References1
OSV
OSV
added 2018/06/04 12:0 a.m.4 views

UBUNTU-CVE-2016-1000342

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

7.5CVSS7.1AI score0.01796EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2018/06/04 12:0 a.m.6 views

PT-2018-4636 · Bouncy Castle +3 · Bouncy Castle Jce Provider +3

Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.55 and earlier Description: The issue concerns the validation of ASN.1 encoding of signatures. Specifically, it does not fully validate the encoding on verification, allowing potential injection of extra...

9.8CVSS6.5AI score0.24282EPSS
Exploits1References90
OSV
OSV
added 2018/06/01 8:29 p.m.1 views

DEBIAN-CVE-2016-1000338

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

7.5CVSS9.3AI score0.0186EPSS
Exploits0References1
seebug.org
seebug.org
added 2017/09/14 12:0 a.m.44 views

InsideSecure MatrixSSL x509 certificate IssuerDomainPolicy Remote Code Execution Vulnerability(CVE-2017-2781)

Summary An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a...

7.5CVSS9.6AI score0.02344EPSS
Exploits2
Veracode
Veracode
added 2017/06/06 7:49 a.m.29 views

Copy-Paste Vulnerability (CVE) Denial Of Service (DoS)

CryptoppECC contains a copy of the Crypto++ aka cryptopp and libcrypto++ library inside it. The version that it contains is vulnerable to a denial of service DoS attack through the mishandling of the ASN1 encoding. Crypto++ allocates a SecByteBlock of the size that the ASN1 decoder reads as the...

7.5CVSS7.2AI score0.04202EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2017/01/17 7:16 a.m.23 views

Partial Signature Validation

bouncycastle partially validates ASN1 encoded signatures in DSA mode. It is possible to inject extra values into the signatures and still have it validate...

7.5CVSS7.4AI score0.0186EPSS
Exploits0References9Affected Software224
CNVD
CNVD
added 2016/05/04 12:0 a.m.2 views

OpenSSL ASN.1 encoder memory corruption vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. A memory corruptio...

10CVSS8.8AI score0.77906EPSS
Exploits1References1
OSV
OSV
added 2015/03/19 10:59 p.m.3 views

DEBIAN-CVE-2015-0289

The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service NULL pointer dereference and application crash by leveraging an applicati...

5CVSS6.3AI score0.0837EPSS
Exploits0References1
NVD
NVD
added 2003/11/17 5:0 a.m.25 views

CVE-2003-0545

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding...

10CVSS9.6AI score0.85449EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2002/08/19 2:40 p.m.3 views

security flaw

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings...

5CVSS5.9AI score0.36039EPSS
Exploits1References4
Rows per page
Query Builder