MiracleLinux 8 : openssl-1.1.1k-4.el8 (AXSA:2021-2623:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2623:05 advisory. openssl: integer overflow in CipherUpdate CVE-2021-23840 openssl: NULL pointer dereference in X509issuerandserialhash CVE-2021-23841 Tenable has...

MiracleLinux 4 : openssl-1.0.1e-58.0.2.AXS4 (AXSA:2021-2478:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2478:04 advisory. openssl: integer overflow in CipherUpdate CVE-2021-23840 openssl: NULL pointer dereference in X509issuerandserialhash CVE-2021-23841 Tenable has extracted th...

Integer overflow in CipherUpdate

...

PT-2022-25518 · Samsung · Samsung Mtower

Name of the Vulnerable Software and Affected Versions: Samsung mTower versions 0.3.0 and earlier Description: A Buffer Access with Incorrect Length Value issue in the TEE CipherUpdate function allows a trusted application to trigger a Denial of Service DoS by invoking the function TEE CipherUpdat...

openssl: integer overflow in CipherUpdate

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

openssl: integer overflow in CipherUpdate

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

CLSA-2021-1634922862 Fixed CVE-2021-23840 in openssl

Fixed integer overflow in CipherUpdateCVE-2021-23840...

openssl security update

1.0.2k-22 - fix CVE-2021-23841 openssl: NULL pointer dereference in X509issuerandserialhash - fix CVE-2021-23840 openssl: integer overflow in CipherUpdate - Resolves: rhbz1932132, rhbz1932126...

openssl security update

1.0.2k-22 - fix CVE-2021-23841 openssl: NULL pointer dereference in X509issuerandserialhash - fix CVE-2021-23840 openssl: integer overflow in CipherUpdate - Resolves: rhbz1932132, rhbz1932126...

CLSA-2021-1632261785 Fix of CVE: CVE-2021-23840

Fixed integer overflow in CipherUpdateCVE-2021-23840...

Fix of CVE: CVE-2021-23840

Fixed integer overflow in CipherUpdateCVE-2021-23840...

Security Bulletin: IBM DataPower Gateway vulnerable to a DoS

Summary IBM has addressed the aplicable CVE Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the applicati...

RUSTSEC-2021-0057 Integer overflow in CipherUpdate

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

Integer overflow in CipherUpdate

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. This product has addressed the applicable CVEs. Node.js Update 4-Jan-2021 and 23-Feb-2021 security releases are available. Vulnerability Details CVEID: CVE-2020-1971...

SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2021:0752-1)

This update for openssl-11 fixes the following issues : CVE-2021-23840: Fixed an Integer overflow in CipherUpdate bsc1182333 CVE-2021-23841: Fixed a NULL pointer dereference in X509issuerandserialhash bsc1182331 Note that Tenable Network Security has extracted the preceding description block...

OPENSUSE-SU-2021:0372-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: New upstream LTS version 10.24.0: - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 - CVE-2021-22884: DNS rebinding in --inspect bsc1182620 - CVE-2021-23840: OpenSSL - Integer overflow in...

Security update for nodejs10 (important)

openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2021:0372-1 Rating: important References: 1182333 1182619 1182620 Cross-References: CVE-2021-22883 CVE-2021-22884 CVE-2021-23840 CVSS scores: CVE-2021-22883 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:0651-1)

This update for nodejs12 fixes the following issues : New upstream LTS version 12.21.0 : CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 CVE-2021-22884: DNS rebinding in --inspect bsc1182620 CVE-2021-23840: OpenSSL - Integer overflow in CipherUpda...

Node.js -- February 2021 Security Releases

Node.js reports: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Critical CVE-2021-22883 Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file...