52 matches found
CVE-2016-2109
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding...
OpenSSL ASN.1 BIO Memory Overallocation Vulnerability
OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. A memory...
UBUNTU-CVE-2015-2059
The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read...
gnupg: denial of service
By using specially crafted S/MIME messages or ECC-based OpenPGP data, it is possible to create a buffer overflow. The bug is not easy to exploit because there are only 80 possible values which can be used to overwrite memory. However, a denial of service is possible and someone may come up with other...
Debian Security Advisory DSA 2458-2 (iceape - several vulnerabilities)
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2012-0455: Soroush Dalili discovered that a cross-site scripting countermeasure related to JavaScript URLs could be bypassed. CVE-2012-0456: Atte Kettunen discovered an out of bounds read in t...
krb5: ASN.1 decoder can free uninitialized pointer when decoding an invalid encoding (MITKRB5-SA-2009-002)
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that...
CVE-2007-4841
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7...
PT-2003-1008 · OpenSSL
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.6 through 0.9.7a Description: The issue concerns multiple vulnerabilities in the OpenSSL package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilitie...
PT-2003-1621 · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.12 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in a crash, by providing an invalid ASN.1 value to the SPNEGO dissector. Recommendations: For Ethereal versions 0.9.12...