12 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-25742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110,...
CVE-2025-49601
A flaw was found in mbedtls. The mbedtlslmsimportpublickey function fails to validate input buffer size before reading a 32-bit field, potentially leading to an out-of-bounds read when processing truncated input. This flaw allows a network-based attacker to trigger this condition by providing a...
ALPINE-CVE-2025-49601
In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...
CVE-2025-49601
In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...
CVE-2025-49601
In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...
CVE-2025-49601
In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...
PT-2025-28013
Name of the Vulnerable Software and Affected Versions: MbedTLS versions 3.3.0 through 3.6.3 Description: The issue arises from the function mbedtls lms import public key not checking if the input buffer is at least 4 bytes before reading a 32-bit field. This allows for a possible out-of-bounds re...
The vulnerabilities of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird involve errors during the import of the SPKI RSA public key as an ECDSA P-256. These vulnerabilities allow attackers to cause crashes in the browser tabs.
The vulnerabilities of Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client are related to errors during the import of the SPKI RSA public key as an ECDSA P-256. Exploiting these vulnerabilities can allow a remote attacker to cause failures in the browser tabs...
Mozilla: Web Crypto ImportKey crashes tab
The Mozilla Foundation Security Advisory describes this flaw as: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash...
Mozilla: Web Crypto ImportKey crashes tab
The Mozilla Foundation Security Advisory describes this flaw as: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash...
UBUNTU-CVE-2023-25742
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2019-9150
CVE-2019-9150 affects the Mailvelope extension prior to 3.3.0. The vulnerability arises because the extension does not require user interaction to import public keys shown on the web page, enabling trickery to hide a key import or obfuscate which key was imported. Impact is limited to the affecte...