CVE-2015-5726
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data...
CVE-2015-5727
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field...
UBUNTU-CVE-2015-5727
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field...
Design/Logic Flaw
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field...
CVE-2015-5727
CVE-2015-5727 affects Botan BER decoder. Multiple connected advisories (Debian DSA-3565, OpenVAS NASL) confirm the issue: the BER decoder could allocate a large amount of memory when processing a length field, enabling a denial of service through memory exhaustion. Affected: Botan 1.10.x before 1...
CVE-2015-5726
Removed by vendor...
CVE-2015-5726
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data...
CVE-2015-5726
The CVE-2015-5726 issue affects Botan BER decoder: an empty BIT STRING in ASN.1 data can cause a remote denial of service (application crash) in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19. Debian advisories confirm fixes for botan1.10 in Jessie (upgrade to 1.10.8-2+deb8u1). If applicab...
CVE-2015-5727
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field...
CVE-2016-4574
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356...
UBUNTU-CVE-2016-4574
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356...
kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system...
CVE-2016-4574
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356...
Botan BER Decoder Denial of Service Vulnerability
Botan is a C++ library of cryptographic algorithms that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. The Botan BER decoder fails to properly allocate memory for the 'length' field, allowing remote attackers to exploit the vulnerability by submitting a special request to invoke the OOM...
Botan BER Decoder Security Bypass Vulnerability
Botan is a C++ library of cryptographic algorithms that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability in the Botan BER decoder allows remote attackers to exploit the vulnerability by submitting a special request to read untrusted ASN.1 data...
ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
Exploit for multiple platform in category dos / poc Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version 6.9.3-9 released...
Libksba integer overflow vulnerability (CNVD-2016-02854)
Libksba is a library that simplifies work tasks for X.509 certificates, CMS data and related objects in the GnuPG project developed by the GNU Project. An integer overflow vulnerability exists in the BER decoder src/ber-decoder.c file in Libksba. A remote attacker could exploit this vulnerability...
Libksba Stack Buffer Overflow Vulnerability
Libksba is a library that simplifies work tasks for X.509 certificates, CMS data and related objects in the GnuPG project developed by the GNU Project. A stack buffer overflow vulnerability exists in the src/ber-decoder.c file of Libksba. A remote attacker could exploit this vulnerability to caus...
Libksba 'decoder src/dn.c' integer overflow vulnerability
Libksba is a library that simplifies work tasks for X.509 certificates, CMS data and related objects in the GnuPG project developed by the GNU Project. An integer overflow vulnerability exists in Libksba's DN decoder src/dn.c file. An attacker can exploit this vulnerability to cause a denial of...
Amazon Linux AMI : mercurial (ALAS-2016-697)
It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. CVE-2016-3068 The binary delta decoder in Mercurial before 3.7.3 allows remote...