EulerOS Virtualization 2.10.0 : shim (EulerOS-SA-2026-2063)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impac...

EulerOS 2.0 SP8 : compat-openssl (EulerOS-SA-2024-2459)

According to the versions of the compat-openssl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack...

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2024-1746)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2024-1632)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service...

USN-6709-1 openssl1.0 vulnerabilities

It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. CVE-2023-3446 After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large q...

CLSA-2024-1710786990 Fix CVE(s): CVE-2024-0727

SECURITY UPDATE: Potential Denial of Service via processing maliciously formatted PKCS12 file - debian/patches/CVE-2024-0727.patch: Fix decode error causing NULL pointer in PKCS12unpackp7data, PKCS12unpackp7encdata, PKCS12unpackauthsafes, SMIMEwritePKCS7, pkcs12genmac and newpassp12 functions -...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1220)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : openssl-1_0_0 (SUSE-SU-2024:0831-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0831-1 advisory. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1220)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:0815-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0815-1 advisory. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a...

Amazon Linux 2 : openssl-snapsafe (ALASOPENSSL-SNAPSAFE-2024-005)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2OPENSSL-SNAPSAFE-2024-005 advisory. Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of...

K000138695: OpenSSL vulnerability CVE-2024-0727

Security Advisory Description Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12...

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2024-520)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-520 advisory. A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is ...

Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-6632-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6632-1 advisory. David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to...

OESA-2024-1147 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack...

Null pointer dereference in PKCS12 parsing

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

CVE-2024-0727

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

AZL-33937 CVE-2024-0727 affecting package openssl for versions less than 1.1.1k-29

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

Null pointer dereference

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

CVE-2024-0727 PKCS12 Decoding crashes

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...