197 matches found
CVE-2015-5333
CVE-2015-5333 affects LibreSSL prior to 2.3.1. A memory leak in OBJ_obj2txt can be triggered by a large number of ASN.1 object identifiers in X.509 certificates, enabling a remote attacker to cause denial of service via memory consumption. Public sources in the connected documents consistently de...
CVE-2015-5334
Off-by-one error in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service program crash or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...
CVE-2015-5334
CVE-2015-5334 is described in CNVD as an off-by-one buffer overflow in LibreSSL’s OBJ_obj2txt() that can be triggered by a crafted X.509 certificate, potentially causing a denial of service or remote code execution. The flaw is attributed to an incorrect fix for CVE-2014-3508. The initial CVE ent...
openSUSE Security Update : proftpd (openSUSE-2020-31)
This update for proftpd fixes the following issues : - GeoIP has been discontinued by Maxmind boo1156210 This update removes module build for geoip see https://support.maxmind.com/geolite-legacy-discontinuati on-notice/ - CVE-2019-19269: Fixed a NULL pointer dereference may occur when validating...
libressl/asn1: Crash in asn1_item_print_ctx
Project: https://github.com/libressl-portable/portable.git Detailed report: https://oss-fuzz.com/testcase?key=5653710820081664 Project: libressl Fuzzer: afllibresslasn1 Fuzz target binary: asn1 Job Type: aflasanlibressl Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x60a0018b0000 Cra...
cryptofuzz/cryptofuzz-libressl: Crash in aesni_ctr32_encrypt_blocks
Project: https://github.com/guidovranken/cryptofuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5738110048010240 Project: cryptofuzz Fuzzer: libFuzzercryptofuzzcryptofuzz-libressl Fuzz target binary: cryptofuzz-libressl Job Type: libfuzzerasancryptofuzz Platform Id: linux Crash Type:...
cryptofuzz/cryptofuzz-libressl: Crash in aesni_encrypt
Project: https://github.com/guidovranken/cryptofuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5751567346565120 Project: cryptofuzz Fuzzer: libFuzzercryptofuzzcryptofuzz-libressl Fuzz target binary: cryptofuzz-libressl Job Type: libfuzzerasancryptofuzz Platform Id: linux Crash Type:...
cryptofuzz/cryptofuzz-libressl: Bad-free in aes_gcm_cleanup
Project: https://github.com/guidovranken/cryptofuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5749345716011008 Project: cryptofuzz Fuzzer: aflcryptofuzzcryptofuzz-libressl Fuzz target binary: cryptofuzz-libressl Job Type: aflasancryptofuzz Platform Id: linux Crash Type: Bad-free Cras...
libressl/asn1: Heap-buffer-overflow in asn1_item_ex_d2i
Project: https://github.com/libressl-portable/portable.git Detailed report: https://oss-fuzz.com/testcase?key=5666378322804736 Project: libressl Fuzzer: libFuzzerlibresslasn1 Fuzz target binary: asn1 Job Type: libfuzzerasanlibressl Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash...
macOS < 10.14 Multiple Vulnerabilities
Binary data 700518.prm...
libressl/asn1: Heap-buffer-overflow in c2i_ASN1_INTEGER
Project: https://github.com/libressl-portable/portable.git Detailed report: https://oss-fuzz.com/testcase?key=5723457666416640 Project: libressl Fuzzer: libFuzzerlibresslasn1 Fuzz target binary: asn1 Job Type: libfuzzerasanlibressl Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash...
libressl/asn1: Crash in asn1_item_print_ctx
Project: https://github.com/libressl-portable/portable.git Detailed report: https://oss-fuzz.com/testcase?key=5665138134220800 Project: libressl Fuzzer: libFuzzerlibresslasn1 Fuzz target binary: asn1 Job Type: libfuzzerubsanlibressl Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...
libressl/asn1: Heap-buffer-overflow in do_print_ex
Project: https://github.com/libressl-portable/portable.git Detailed report: https://oss-fuzz.com/testcase?key=5685609458302976 Project: libressl Fuzzer: libFuzzerlibresslasn1 Fuzz target binary: asn1 Job Type: libfuzzerasanlibressl Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash...
openSUSE Security Update : libressl (openSUSE-2019-644)
This update for libressl to version 2.8.0 fixes the following issues : Security issues fixed : - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. boo1097779 - Reject excessively large primes in DH key generation. Other bugs fixed : - Fixed a pair of 20+...
libressl/asn1: Heap-buffer-overflow in ASN1_get_object
Project: https://github.com/libressl-portable/portable.git Detailed report: https://oss-fuzz.com/testcase?key=5740695165337600 Project: libressl Fuzzer: libFuzzerlibresslasn1 Fuzz target binary: asn1 Job Type: libfuzzerasanlibressl Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash...
libressl/client: Global-buffer-overflow in ssl_sigalg
Project: https://github.com/libressl-portable/portable.git Detailed report: https://oss-fuzz.com/testcase?key=5667522344386560 Project: libressl Fuzzer: libFuzzerlibresslclient Fuzz target binary: client Job Type: libfuzzerasanlibressl Platform Id: linux Crash Type: Global-buffer-overflow READ 2...
libressl/asn1: Crash in BN_bin2bn
Project: https://github.com/libressl-portable/portable.git Detailed report: https://oss-fuzz.com/testcase?key=5661545494740992 Project: libressl Fuzzer: libFuzzerlibresslasn1 Fuzz target binary: asn1 Job Type: libfuzzerasanlibressl Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...
libressl/server: Global-buffer-overflow in ssl_sigalg
Project: https://github.com/libressl-portable/portable.git Detailed report: https://oss-fuzz.com/testcase?key=5658594446409728 Project: libressl Fuzzer: libFuzzerlibresslserver Fuzz target binary: server Job Type: libfuzzerasanlibressl Platform Id: linux Crash Type: Global-buffer-overflow READ 2...
openSUSE: Security Advisory for nginx (openSUSE-SU-2019:0195-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : nginx (openSUSE-2019-195)
This update for nginx fixes the following issues : nginx was updated to 1.14.2 : - Bugfix: nginx could not be built on Fedora 28 Linux. - Bugfix: in handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. - Change: the logging level of the 'http request...