Lucene search
+L

132 matches found

cve
cve
added 2 days ago7 views

CVE-2026-59884

pyasn1 prior to 0.6.4 contains a denial-of-service risk in its BER decoder used by CER/DER codecs: long-form tag IDs can be accumulated without an upper bound, enabling a crafted input to drive CPU usage quadratically and trigger unhandled ValueError paths in Python 3.11+ error formatting. Affect...

7.5CVSS6.1AI score0.00354EPSS
Exploits0References3
redhat
redhat
added 2026/06/30 2:27 p.m.7 views

openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects

A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...

6.8CVSS5.9AI score0.0016EPSS
Exploits1References6
redhat
redhat
added 2026/06/17 1:38 a.m.9 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.2AI score0.00815EPSS
Exploits0References4
osv
osv
added 2026/06/12 9:2 p.m.11 views

GHSA-VC8P-8PXG-RFWG ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing

Summary The DER parser used for application-supplied private keys did not safely validate encoded length values before converting them to Int values or allocating arrays. A malformed private-key file could encode a length that overflowed or wrapped around, or request an allocation much larger tha...

6.7CVSS5.5AI score
Exploits0References3
packetstormnews
packetstormnews
added 2026/06/11 12:0 a.m.12 views

ASN.1-Compliant CLDAP Validator

This Metasploit module implements a production-grade CLDAP LDAP over UDP validator that strictly follows ASN.1 BER encoding rules. It builds compliant LDAP search requests for Netlogon verification using carefully structured BER encoders for integers, strings, sequences, and filters. It can be us...

9.8CVSS5.3AI score0.72253EPSS
Exploits32
packetstormnews
packetstormnews
added 2026/06/10 12:0 a.m.11 views

CLDAP Analyzer with ASN.1 BER Encoding and Basic TLV Response Parser

This Python script implements a CLDAP Connectionless LDAP analyzer that builds and sends LDAP CLDAP discovery requests and parses responses using ASN.1 BER encoding and a basic TLV parser. It constructs a structured LDAP search request including DnsDomain, User, and NtVer filters, sends it over U...

5.5AI score
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:22 p.m.10 views

CVE-2026-43988

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...

7.5CVSS5.5AI score0.00184EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45615

mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...

8.2CVSS5.6AI score0.00197EPSS
Exploits0References1
snyk
snyk
added 2026/05/29 3:19 p.m.10 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the INTEGERdecodeoer function. An attacker can cause a denial of service or trigger incorrect integer interpretation in downstream applications by submitting a maliciously crafted, zero-length OER payload for a...

8.8CVSS5.8AI score0.00197EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/29 2:21 p.m.11 views

CVE-2026-44378

A flaw was found in Botan, a C++ cryptography library. A remote attacker could exploit this vulnerability by sending specially crafted Basic Encoding Rules BER data with indefinite length encodings. This could cause quadratic behavior in the parser, leading to a denial of service DoS due to...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2
cve
cve
added 2026/05/29 1:24 p.m.29 views

CVE-2026-45615

ASN.1 compiler mouse07410/asn1c (1.4 and earlier) contains a memory-safety flaw in the OER decoding skeleton (INTEGER_oer.c). Parsing a crafted, zero-length OER payload for a variable-length, non-negative INTEGER can skip required-byte validation before extracting the MSB, causing a precise 1-byt...

8.2CVSS5.9AI score0.00197EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.12 views

asn1c 安全漏洞

ASN1C is an ASN.1 compiler developed by Lev Walkin as a personal project. Versions of ASN1C prior to 1.4 contained security vulnerabilities. These vulnerabilities stemmed from memory safety issues in the OER decoding framework. When parsing specially crafted zero-length payloads, the decoder did...

8.2CVSS5.8AI score0.00197EPSS
Exploits0References1
snyk
snyk
added 2026/05/27 7:33 p.m.11 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the BER data parsing process. An attacker can cause excessive resource consumption and service disruption by submitting specially crafted indefinite length encodings. Remediation Upgrade botan to...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/27 4:34 p.m.9 views

CVE-2026-44378 Botan: Quadratic complexity decoding BER indefinite length encodings

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

6.9CVSS5.8AI score0.00324EPSS
Exploits0References1
cve
cve
added 2026/05/27 4:34 p.m.25 views

CVE-2026-44378

Botan (C++ cryptography library) is affected prior to version 3.12.0. Indefinite-length BER encodings could trigger quadratic parser behavior, even in structures that must be DER, leading to denial of service. The issue is fixed in 3.12.0. There are no explicit exploit details or in-the-wild expl...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/05/27 4:34 p.m.3 views

CVE-2026-44378 Botan: Quadratic complexity decoding BER indefinite length encodings

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

6.9CVSS5.9AI score0.00324EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/05/27 4:34 p.m.10 views

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.11 views

Botan 安全漏洞

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan prior to 3.12.0 contained security vulnerabilities. These vulnerabilities were caused byBER data, which led to reassembly behavior by the parser, potentially resulting in denial-of-service attack...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
cve
cve
added 2026/05/26 9:18 p.m.23 views

CVE-2026-44905

Vanetza (ETSI C-ITS) contains a denial-of-service condition in 26.02 and earlier due to a logic flaw in the cryptographic verification path. An incoming V2X certificate with a Psid subtype violation can be parsed syntactically, but semantic checks are not enforced until re-encoding during Straigh...

7.5CVSS5.8AI score0.00202EPSS
Exploits0References2
osv
osv
added 2026/05/26 9:18 p.m.3 views

CVE-2026-44905 Vanetza: Remote Denial of Service via Uncaught OER Encoding Exception in Cryptographic Verification

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically...

7.5CVSS6AI score0.00202EPSS
Exploits0References4
Rows per page
Query Builder