170 matches found
SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2023:2330-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2330-1 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...
SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2023:2328-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2328-1 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...
Debian DSA-5417-1 : openssl - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5417 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy...
SUSE SLES12 Security Update : openssl (SUSE-SU-2023:2332-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:2332-1 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that...
SUSE SLES15 / openSUSE 15 Security Update : openssl-1_0_0 (SUSE-SU-2023:2331-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2331-1 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact...
CVE-2023-2650
A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when...
AZL-34667 CVE-2023-2650 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
ALPINE-CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
AZL-37674 CVE-2023-2650 affecting package hvloader for versions less than 1.0.1-9
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
Authentication flaw
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
CVE-2023-2650
CVE-2023-2650 describes a potential Denial of Service caused by extremely slow translation of large ASN.1 OBJECT IDENTIFIERs via OBJ_obj2txt(), affecting OpenSSL-based workflows and related subsystems. Connected docs confirm multiple vendors reference this issue and link patches or updated packag...
CVE-2023-2650 Possible DoS translating ASN.1 object identifiers
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
CVE-2023-2650 Possible DoS translating ASN.1 object identifiers
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
Vulnerability in OpenSSL - Possible DoS translating ASN.1 object identifiers
Issue summary : Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary : Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
Slackware Linux 15.0 / current openssl Vulnerability (SSA:2023-150-01)
The version of openssl installed on the remote host is prior to 1.1.1u / 3.1.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-150-01 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : OpenSSL vulnerabilities (USN-6119-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6119-1 advisory. Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possib...
SUSE CVE-2008-7159
The silcasn1encoder function in lib/silcasn1/silcasn1encode.c in Secure Internet Live Conferencing SILC Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string...