125 matches found
Moderate: Red Hat Security Advisory: libtasn1 security update
An update for libtasn1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
libtasn1: Out-of-bound access in ETYPE_OK
An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly...
[SECURITY] Fedora 36 Update: libtasn1-4.19.0-1.fc36
A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions...
OESA-2022-2030 libtasn1 security update
Libtasn1 is the ASN.1 library used by GnuTLS, p11-kit and some other packages. The goal of this implementation is to be highly portable, and only require an ANSI C99 platform. This library provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and...
DEBIAN-CVE-2021-46848
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der...
ALPINE-CVE-2021-43527
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using N...
python-ecdsa: DER encoding is not being verified in signatures
A flaw was found in python-ecdsa, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false...
thunderbird: Memory corruption when processing S/MIME messages
A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...
EulerOS 2.0 SP2 : python-ecdsa (EulerOS-SA-2021-2429)
According to the version of the python-ecdsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without...
SUSE: Security Advisory (SUSE-SU-2019:2891-1)
The remote host is missing an update for the...
EulerOS Virtualization 3.0.6.6 : python-ecdsa (EulerOS-SA-2020-2452)
According to the version of the python-ecdsa package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER...
EulerOS 2.0 SP3 : python-ecdsa (EulerOS-SA-2020-2115)
According to the version of the python-ecdsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without...
EulerOS 2.0 SP8 : python-ecdsa (EulerOS-SA-2020-1824)
According to the version of the python-ecdsa packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without...
EulerOS Virtualization 3.0.6.0 : python-ecdsa (EulerOS-SA-2020-1773)
According to the version of the python-ecdsa package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER...
GHSA-P8C3-7RJ8-Q963 ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
Impact: Jsrsasign supports ECDSA signature validation whose signature value is represented by ASN.1 DER encoding. This vulnerability may accept a wrong ASN.1 DER encoded ECDSA signature such as: - wrong multi-byte ASN.1 length of TLV ex. 0x820045 even though 0x45 is correct - prepending zeros with...
EulerOS Virtualization for ARM 64 3.0.6.0 : python2-ecdsa (EulerOS-SA-2020-1711)
According to the version of the python2-ecdsa package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found in python-ecdsa, where it did not correctly verify whether signatures used DER encoding. Without...
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2017-1016)
The remote host is missing an update for the Huawei EulerOS...
Updated python-ecdsa packages fix security vulnerabilities
Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service (CVE-2019-14853). It was...
DEBIAN-CVE-2019-14859
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...