Lucene search
+L

129 matches found

Cvelist
Cvelist
added 2024/07/03 12:0 a.m.29 views

CVE-2024-39223

An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...

0.00696EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.16 views

PT-2024-28396 · Gost +1 · Gost +1

Name of the Vulnerable Software and Affected Versions: gost version 2.11.5 Description: An authentication bypass in the SSH service allows attackers to intercept communications by setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey. This issue is related to missing key verification ...

9.9CVSS6.3AI score0.97781EPSS
Exploits21References141
Openbugbounty
Openbugbounty
added 2023/09/07 10:53 p.m.4 views

ruske-normy-gost.cz Cross Site Scripting vulnerability OBB-3655177

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
NVD
NVD
added 2023/05/30 4:15 a.m.13 views

CVE-2023-32691

gost GO Simple Tunnel is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not...

5.9CVSS5.6AI score0.00574EPSS
Exploits1References2
Prion
Prion
added 2023/05/30 4:15 a.m.22 views

Design/Logic Flaw

gost GO Simple Tunnel is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not...

2.6CVSS5.6AI score0.00574EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/05/30 3:6 a.m.50 views

CVE-2023-32691 ginuerzh/gost vulnerable to Timing Attack

gost GO Simple Tunnel is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not...

5.9CVSS5.9AI score0.00574EPSS
Exploits1References2
CVE
CVE
added 2023/05/30 3:6 a.m.69 views

CVE-2023-32691

CVE-2023-32691 affects gost (GO Simple Tunnel) written in Go. The root cause is untrusted input from an HTTP header being compared directly to a secret (not using constant-time comparison), enabling a side-channel timing attack to guess secrets. The common remediation is to switch to constant-tim...

5.9CVSS5.6AI score0.00574EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2023/05/24 4:8 a.m.52 views

Timing Attack

github.com/ginuerzh/gost is vulnerable to Timing Attacks. The vulnerability exists because the Authenticate function of auth.go does not properly compare sensitive secrets such as passwords, tokens and API keys using constant-time comparison, which allows an attacker to guess a secret by observin...

5.9CVSS6.7AI score0.00574EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/05/22 7:47 p.m.75 views

GHSA-QJRQ-HM79-49WW ginuerzh/gost vulnerable to Timing Attack

Timing attacks occur when an attacker can guess a secret by observing a difference in processing time for valid and invalid inputs. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparision function. More information on this attack type can ...

5.9CVSS5.6AI score0.00574EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2023/02/22 10:59 a.m.30 views

Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia

Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma. The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-lan...

0.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.5 views

SUSE CVE-2012-0027

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service daemon crash via crafted data from a TLS client...

5CVSS6.8AI score0.04992EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.4 views

SUSE CVE-2021-20305

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...

8.1CVSS6.7AI score0.01607EPSS
Exploits0References112
F5 Networks
F5 Networks
added 2022/12/22 10:11 p.m.6 views

K15395: OpenSSL vulnerability CVE-2012-0027

Security Advisory Description The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service daemon crash via crafted data from a TLS client. CVE-2012-0027 Impact This vulnerability could...

5CVSS6.8AI score0.04992EPSS
Exploits0
CNNVD
CNNVD
added 2022/09/19 12:0 a.m.6 views

WithSecure Endpoint Protection 安全漏洞

engine is an OpenSSL reference implementation of the GOST encryption algorithm. withSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure Endpoint Protection. No information about this vulnerability is available at this...

5.5CVSS5.8AI score0.00408EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/05/26 12:0 a.m.7 views

The vulnerability of the encryption algorithm implementation according to GOST 34.12 in the CTR_OMAC library, which is used in the implementation of the OpenSSL protocol, allows a perpetrator to trigger buffer overflows, provided that the server uses 512-bit secret keys.

The vulnerability of the encryption algorithm implementation according to GOST 34.12 for the CTROMAC library, used in the implementation of the OpenSSL protocol, is related to errors in processing the encryption key for the BLOB object a large binary object in the...

5.9CVSS7.4AI score0.01597EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2022/05/24 3:15 p.m.38 views

CVE-2022-29242

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLSGOSTR341112256WITHKUZNYECHIKCTROMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

7.5CVSS0.01597EPSS
Exploits0References5
Prion
Prion
added 2022/05/24 3:15 p.m.14 views

Buffer overflow

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLSGOSTR341112256WITHKUZNYECHIKCTROMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

5CVSS7.6AI score0.01597EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 3:15 p.m.4 views

UBUNTU-CVE-2022-29242

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLSGOSTR341112256WITHKUZNYECHIKCTROMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

7.5CVSS7.5AI score0.01597EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/05/24 3:15 p.m.35 views

CVE-2022-29242

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLSGOSTR341112256WITHKUZNYECHIKCTROMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

7.5CVSS7.4AI score0.01597EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2022/05/24 2:55 p.m.56 views

CVE-2022-29242

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLSGOSTR341112256WITHKUZNYECHIKCTROMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

7.5CVSS7.6AI score0.01597EPSS
Exploits0
Rows per page
Query Builder