60 matches found
NTP < 4.2.8p15 DoS Vulnerability
Systems that use a CMAC algorithm in ntp.keys will not release a bit of memory on each packet that uses a CMAC keyid, eventually causing ntpd to run out of memory and fail. The CMAC cleanup introduced a bug whereby the CMAC data structure was no longer completely removed. SPDX-FileCopyrightText:...
EulerOS Virtualization 2.9.1 : ntp (EulerOS-SA-2021-1616)
According to the versions of the ntp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or system time...
RUSTSEC-2021-0062 project abandoned; migrate to the `aes-siv` crate
The Miscreant project has been abandoned and archived. The Rust implementation has been adapted into the new aes-siv crate which implements both the AES-CMAC-SIV and AES-PMAC-SIV constructions: Please migrate to the aes-siv crate. Alternatively see the aes-gcm-siv crate for a newer, faster...
project abandoned; migrate to the `aes-siv` crate
The Miscreant project has been abandoned and archived. The Rust implementation has been adapted into the new aes-siv crate which implements both the AES-CMAC-SIV and AES-PMAC-SIV constructions: Please migrate to the aes-siv crate. Alternatively see the aes-gcm-siv crate for a newer, faster...
gnutls security and bug fix update
3.6.14-7 - Increase DH key bits to = 2048 in self-tests 1879506 - Implement self-tests for KDF and CMAC 1890870 - Fix CVE-2020-24659: heap buffer-overflow when 'norenegotiation' alert is received 1873959...
Moderate: Red Hat Security Advisory: gnutls security and bug fix update
An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: gnutls security and bug fix update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Heap buffer overflow in handshake with norenegotiation alert sent CVE-2020-24659 For more details about the...
Denial Of Service (DoS)
ntpd is vulnerable to denial of service. A remote attacker is able to cause a denial of service memory consumption by sending malicious packets due to memory not bring freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...
CVE-2020-11683
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system...
CVE-2020-11683
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system...
CVE-2020-12788
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks...
Information disclosure
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system...
CVE-2020-11683
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system...
CVE-2020-11683
AT91bootstrap (before 3.9.2) contains a timing side-channel vulnerability that enables attackers with physical access to forge CMAC values and boot arbitrary code on affected systems. The issue is triggered by a timing side channel in the boot process, allowing potential control over execution af...
CVE-2020-12788
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks...
CVE-2020-12788
The CVE concerns CMAC verification in Microchip Atmel ATSAMA5 products. The issue stems from side-channel weaknesses (timing and power analysis) during CMAC verification, which could potentially expose sensitive information. Connected documents reiterate the affected target as ATSAMA5, but do not...
OSV-2020-1661 Use-of-uninitialized-value in fuzzing::memory::memory_test_msan
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25181 Crash type: Use-of-uninitialized-value Crash state: fuzzing::memory::memorytestmsan cryptofuzz::ExecutorBase::postp cryptofuzz::ExecutorBase::Run...
cmac.cgh.org.tw Cross Site Scripting vulnerability OBB-1236605
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
openSUSE Security Update : ntp (openSUSE-2020-1007)
This update for ntp fixes the following issues : ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service bsc1169740. - CVE-2018-8956: Fixed an issue which could have...
Security update for ntp (moderate)
openSUSE Security Update: Security update for ntp Announcement ID: openSUSE-SU-2020:1007-1 Rating: moderate References: 1125401 1169740 1171355 1172651 1173334 992038 Cross-References: CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 Affected Products: openSUSE Leap 15.2 An update that...