198 matches found
Security Bulletin: Mulltiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop
Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing based side channel exists in the...
Linux Distros Unpatched Vulnerability : CVE-2024-13454
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSS...
Linux Distros Unpatched Vulnerability : CVE-2024-2467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a...
Linux Distros Unpatched Vulnerability : CVE-2018-16869
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attack...
Linux Distros Unpatched Vulnerability : CVE-2018-12404
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chose...
CVE-2024-1545
...
golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey and ctx. That functi...
CVE-2024-45414
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...
CVE-2024-45414
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...
CVE-2024-1545 Fault Injection of RSA encryption in WolfCrypt
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the...
CVE-2024-1545 Fault Injection of RSA encryption in WolfCrypt
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the...
golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey and ctx. That functi...
golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey and ctx. That functi...
ALSA-2024:4378 Important: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads...
golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey and ctx. That functi...
golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey and ctx. That functi...
golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey and ctx. That functi...
golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey and ctx. That functi...
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption
The encryption and decryption process were vulnerable against the Bleichenbacher's attack, which is a padding oracle vulnerability disclosed in the 98'. The issue was about the wrong padding utilized, which allowed to retrieve the encrypted content. The OPENSSLPKCS1PADDING version, aka PKCS v1.5...
K000139508: rust-openssl vulnerability CVE-2024-3296
Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of tria...