161 matches found
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...
SUSE CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
DEBIAN-CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
UBUNTU-CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
The vulnerability in operating systems such as MacOS, iOS, tvOS, iPadOS, and watchOS, related to uncontrolled resource consumption during certificate processing, allows attackers to trigger service failures.
The vulnerability of operating systems such as MacOS, iOS, tvOS, iPadOS, and watchOS is related to an uncontrolled consumption of resources during the processing of certificates. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2023-23524
A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service...
PT-2023-4721 · Unified Automation · Uagateway
Name of the Vulnerable Software and Affected Versions: Unified Automation UaGateway affected versions not specified Description: The issue is related to incorrect certificate validation due to an integer overflow when processing the certificate length field. This allows a remote attacker to creat...
About the security content of watchOS 9.3.1
About the security content of watchOS 9.3.1 This document describes the security content of watchOS 9.3.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
The vulnerability of the c_rehash implementation in the OpenSSL library allows a hacker to execute arbitrary commands.
The vulnerability of the crehash implementation in the OpenSSL library is related to the failure to take measures to neutralize metasymbols during certificate processing in /etc/ssl/certs/. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
GHSA-Q9WJ-F4QW-6VFJ Read buffer overruns processing ASN.1 strings
ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...
nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...
nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...
The vulnerability of the gpg2 utility arises from writing beyond the allocated memory space, allowing a perpetrator to cause a service failure.
The vulnerability of the gpg2 utility arises from writing beyond the allocated memory. Exploiting this vulnerability can allow an attacker to cause a service failure upon processing a certificate file that is specially crafted...
CVE-2021-37106
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...
AZL-6780 CVE-2021-3712 affecting package openssl for versions less than 1.1.1k-11
ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...
DEBIAN-CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...
Buffer overflow
ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...