129 matches found
OpenSSL 1.0.2 < 1.0.2zm Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2zm. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zm advisory. - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read...
Linux Distros Unpatched Vulnerability : CVE-2025-9230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact...
SUSE CVE-2025-9230
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
USN-7786-1: OpenSSL vulnerabilities
Stanislav Fort discovered that OpenSSL incorrectly handled memory when trying to decrypt CMS messages encrypted with password-based encryption. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2025-9230 Stanislav Fort discovered that OpenSSL ha...
AZL-67980 CVE-2025-9230 affecting package openssl for versions less than 3.3.5-1
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
CVE-2025-9230
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
CVE-2025-9230
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
AZL-67997 CVE-2025-9230 affecting package openssl for versions less than 1.1.1k-37
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
CVE-2025-9230 Out-of-bounds read & write in RFC 3211 KEK Unwrap
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
CVE-2025-9230
CVE-2025-9230 describes an out-of-bounds read (and potential write) when decrypting CMS messages encrypted with password-based (PWRI) encryption in OpenSSL. The issue can cause a crash (Denial of Service) or memory corruption with possible code execution, though exploitability is considered low a...
CVE-2025-9230 Out-of-bounds read & write in RFC 3211 KEK Unwrap
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
PT-2025-39986
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd, and 1.0.2zm. Description: OpenSSL contains vulnerabilities due to out-of-bounds read and write issues. Specifically, an out-of-bounds read and write can occur when...
UBUNTU-CVE-2025-9230
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
...
Astra Linux – Vulnerability in Jose
Latchset JOSE with version 11 allows attackers to cause a denial of service (CPU consumption) by using a large p2c value, also known as PBES2 Count...
OESA-2024-1471 jose security update
José is a C-language implementation of the JavaScript Object Signing and Encryption standards. José provides a command-line utility which encompasses most of the JOSE features. This allows for easy integration into your project and one-off scripts. Security Fixes: latchset jose through version 11...
AZL-43528 CVE-2023-50967 affecting package jose 10-7
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...
DEBIAN-CVE-2023-50966
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header...
AZL-39857 CVE-2023-50966 affecting package rabbitmq-server for versions less than 3.11.24-2
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header...
jose Security Vulnerabilities
jose is a JavaScript module for signing and encrypting JSON objects. A security vulnerability exists in jose 1.11.6 and earlier versions that could allow an attacker to cause a denial of service via the PBES2 Count value in the JOSE header...