1139 matches found

Amazon
added 2013/10/23 12:0 a.m., 38 views

Medium: gnupg2

Issue Overview: GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. The compressed...

CVSS 5.8, AI score 8.4, EPSS 0.04702
Exploits: 0
Tenable Nessus
added 2013/10/11 12:0 a.m., 29 views

Debian DSA-2774-1 : gnupg2 - several vulnerabilities

Two vulnerabilities were discovered in GnuPG 2, the GNU privacy guard, a free PGP replacement. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4351: When a key or subkey had its 'key flags' subpacket set to all bits off, GnuPG currently would treat t...

CVSS 5.8, AI score 7.7, EPSS 0.04702
Exploits: 0, References: 9
OpenVAS
added 2013/10/10 12:0 a.m., 29 views

Debian Security Advisory DSA 2774-1 (gnupg2 - several vulnerabilities)

Two vulnerabilities were discovered in GnuPG 2, the GNU privacy guard, a free PGP replacement. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4351: When a key or subkey had its key flags subpacket set to all bits off, GnuPG currently would treat the key...

CVSS 5.8, AI score 8.1, EPSS 0.04702
Exploits: 0, References: 1
OSV
added 2013/10/10 12:0 a.m., 36 views

DSA-2773-1 gnupg - several

Bulletin has no description...

CVSS 5.8, AI score 7.8, EPSS 0.04702
Exploits: 0
UbuntuCve
added 2013/10/07 12:0 a.m., 25 views

CVE-2013-4402

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message...

CVSS 5, AI score 7.2, EPSS 0.04702
Exploits: 0, References: 4
Tenable Nessus
added 2013/10/06 12:0 a.m., 22 views

FreeBSD : gnupg -- possible infinite recursion in the compressed packet parser (749b5587-2da1-11e3-b1a9-b499baab0cbe)

Werner Koch reports: Special crafted input data may be used to cause a denial of service against GPG (GnuPG's OpenPGP part) and some other OpenPGP implementations. All systems using GPG to process incoming data are affected.

CVSS 5, AI score 7.6, EPSS 0.04702
Exploits: 0, References: 2
securityvulns
added 2013/06/17 12:0 a.m., 36 views

DoS vulnerability in Mozilla Firefox and Microsoft Internet Explorer

Hello 3APA3A! I want to warn you about Denial of Service vulnerability in Mozilla Firefox and Microsoft Internet Explorer. Earlier Jean Pascal Pereira has found DoS vulnerability in browser Firefox 14.0.1 http://1337day.com/exploit/description/19201. And at 07.04.2013 I've checked this...

AI score 1.5
Exploits: 0
securityvulns
added 2012/03/09 12:0 a.m., 35 views

Samba DoS

Infinite recursion on Batched request processing...

CVSS 7.9, AI score 2.8, EPSS 0.46876
Exploits: 1, References: 3, Affected Software: 1
RedHat Linux
added 2012/02/23 8:15 p.m., 1 views

samba: Any Batched ("AndX") request processing infinite recursion and heap-based buffer overflow

Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX)...

CVSS 7.9, AI score 6.5, EPSS 0.46876
Exploits: 1, References: 5
Debian CVE
added 2012/02/23 11:0 a.m., 25 views

CVE-2012-0870

Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX)...

CVSS 7.9, AI score 7.7, EPSS 0.46876
Exploits: 1
OpenVAS
added 2011/03/15 12:0 a.m., 33 views

Mandriva Update for wireshark MDVSA-2011:044 (wireshark)

The remote host is missing an update for the...

AI score 7.7
Exploits: 0, References: 2
Metasploit
added 2011/03/02 1:44 p.m., 38 views

Wireshark CLDAP Dissector DOS

This module causes infinite recursion to occur within the CLDAP dissector by sending a specially crafted UDP packet.

CVSS 4.3, AI score 0.5, EPSS 0.30766
Exploits: 3
Tenable Nessus
added 2008/01/14 12:0 a.m., 22 views

openSUSE 10 Security Update : libexif (libexif-4886)

Two bugs in libexif were identified by a Google Security Audit done by Meder Kydyraliev. CVE-2007-6351: Loading EXIF data could be used to cause an infinite recursion and crash. CVE-2007-6352: Integer overflows in the thumbnail handler could be used to overflow buffers and potentially execute code ...

CVSS 6.8, AI score 8.2, EPSS 0.0445
Exploits: 0, References: 2
Tenable Nessus
added 2007/12/31 12:0 a.m., 24 views

GLSA-200712-17 : exiftags: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200712-17 (exiftags: Multiple vulnerabilities). Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop and other functions...

CVSS 10, AI score 6, EPSS 0.01151
Exploits: 0, References: 4
Tenable Nessus
added 2007/12/31 12:0 a.m., 26 views

GLSA-200712-15 : libexif: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200712-15 (libexif: Multiple vulnerabilities). Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite...

CVSS 6.8, AI score 8.8, EPSS 0.0445
Exploits: 0, References: 3
Gentoo Linux
added 2007/12/29 12:0 a.m., 29 views

libexif: Multiple vulnerabilities

Background: libexif is a library for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description: Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in t...

CVSS 6.8, AI score 7.4, EPSS 0.0445
Exploits: 0
securityvulns
added 2007/12/29 12:0 a.m., 52 views

[Full-disclosure] [ GLSA 200712-15 ] libexif: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200712-15 (http://security.gentoo.org/)...

CVSS 6.8, AI score 9.7, EPSS 0.0445
Exploits: 0
CVE
added 2007/12/20 2:0 a.m., 69 views

CVE-2007-6351

CVE-2007-6351 affects libexif 0.6.16 and earlier via crafted Exif tags, causing an infinite recursion that can crash the application; CVE-2007-6352 is an accompanying integer-overflow issue in the same Exif parsing path that could crash or, in some contexts, allow code execution. Th...

CVSS 4.3, AI score 6, EPSS 0.0445
Exploits: 0, References: 29, Affected Software: 1
RedHat Linux
added 2007/12/19 3:34 p.m., 26 views

Moderate: Red Hat Security Advisory: libexif security update

Updated libexif packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif packages contain the Exif library. Exif is an image file format specificatio...

CVSS 6.8, AI score 7.5, EPSS 0.0445
Exploits: 0, References: 3
Gentoo Linux
added 2007/08/11 12:0 a.m., 26 views

Net::DNS: Multiple vulnerabilities

Background: Net::DNS is a Perl implementation of a DNS resolver. Description: hjp discovered an error when handling DNS query IDs which makes them partially predictable. Steffen Ullrich discovered an error in the dn_expand() function which could lead to an endless loop. Impact: A remote attacker could...

CVSS 7.5, AI score 6.3, EPSS 0.18031
Exploits: 1