Lucene search
+L

8 matches found

OSV
OSV
added 2025/10/29 9:50 p.m.6 views

GO-2025-4013 Panic when validating certificates with DSA public keys in crypto/x509

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

7.5CVSS7AI score0.00361EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/23 10:33 a.m.47 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to OpenSSL

Summary Vulnerabilities in OpenSSL such as denial of service, may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbio...

7.5CVSS6.9AI score0.20444EPSS
Exploits0Affected Software1
Cloud Foundry
Cloud Foundry
added 2023/02/24 12:0 a.m.59 views

USN-5844-1: OpenSSL vulnerabilities | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL...

7.5CVSS8.1AI score0.59501EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/02/08 12:0 a.m.33 views

Ubuntu: Security Advisory (USN-5844-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.59501EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2023/02/07 5:20 p.m.112 views

USN-5844-1: OpenSSL vulnerabilities

David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. CVE-2023-0286 Corey Bonnell discovered that OpenSSL incorrectly handl...

7.5CVSS7.4AI score0.59501EPSS
Exploits0
OSV
OSV
added 2022/05/24 8:14 p.m.47 views

GO-2022-0213 Panic on invalid DSA public keys in crypto/dsa

Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don't chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server tha...

7.5CVSS7.3AI score0.04693EPSS
Exploits1References4
OSV
OSV
added 2019/11/02 4:54 p.m.10 views

MGASA-2019-0310 Updated golang packages fix security vulnerability

Updated golang packages fix security vulnerability: Daniel Mandragona discovered that invalid DSA public keys can cause a panic in dsa.Verify, resulting in denial of service CVE-2019-17596...

7.5CVSS7.4AI score0.04693EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2019/10/28 12:0 a.m.38 views

Debian DSA-4551-1 : golang-1.11 - security update

Daniel Mandragona discovered that invalid DSA public keys can cause a panic in dsa.Verify, resulting in denial of service. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4551. The text itself is copyright C...

7.5CVSS6.9AI score0.04693EPSS
Exploits1References4
Rows per page
Query Builder