Lucene search
+L

200 matches found

Github Security Blog
Github Security Blog
added 2024/05/15 5:47 p.m.17 views

asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption

The encryption and decryption process were vulnerable against the Bleichenbacher's attack, which is a padding oracle vulnerability disclosed in the 98'. The issue was about the wrong padding utilized, which allowed to retrieve the encrypted content. The OPENSSLPKCS1PADDING version, aka PKCS v1.5...

7AI score
Exploits0References4Affected Software1
F5 Networks
F5 Networks
added 2024/05/03 7:9 p.m.47 views

K000139508: rust-openssl vulnerability CVE-2024-3296

Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of tria...

5.9CVSS5.7AI score0.00415EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/05/01 10:27 a.m.27 views

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed. "The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/04/30 1:33 p.m.5 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/04/30 1:30 p.m.5 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/04/30 12:0 a.m.42 views

RHEL 9 : golang (RHSA-2024:2562)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2562 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and...

7.5CVSS7.5AI score0.91969EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2024/04/26 12:0 a.m.24 views

RHEL 8 / 9 : OpenShift Container Platform 4.14.22 (RHSA-2024:1897)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1897 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

7.5CVSS7.7AI score0.91969EPSS
Exploits1References6
NVD
NVD
added 2024/04/25 5:15 p.m.19 views

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS5.4AI score0.00516EPSS
Exploits0References4
OSV
OSV
added 2024/04/25 5:15 p.m.23 views

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.3AI score0.00516EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/04 1:47 p.m.24 views

CVE-2024-3296 Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9CVSS6.5AI score0.00415EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/04/04 1:47 p.m.101 views

CVE-2024-3296

Removed by vendor...

5.9CVSS5.8AI score0.00415EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/04/04 3:24 a.m.17 views

CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9CVSS5.3AI score0.00415EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.18 views

PT-2024-25007 · Unknown +1 · Rust-Openssl +1

Name of the Vulnerable Software and Affected Versions: rust-openssl affected versions not specified Description: A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve...

5.9CVSS6.7AI score0.00415EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2024/04/03 4:25 p.m.4 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/04/03 4:5 p.m.8 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/04/03 7:42 a.m.6 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/04/03 12:0 a.m.20 views

Oracle Linux 8 : grafana-pcp (ELSA-2024-1644)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1644 advisory. 5.1.1-2 - Rebuild with latest version of golang - resolves CVE-2024-1394 Tenable has extracted the preceding description block directly from the Oracle Linux...

7.5CVSS8.1AI score0.01533EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/04/02 9:42 p.m.8 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/04/02 8:56 p.m.13 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2024/03/28 12:0 a.m.5 views

The vulnerability of the Golang programming language, related to errors in memory release during RSA encryption/decryption code, allows a hacker to cause a service failure.

The vulnerability of the Golang programming language is related to errors in memory release during RSA encryption/decryption code. Exploiting this vulnerability can allow a remote attacker to cause a service failure using specially created data...

7.8CVSS7.2AI score0.01533EPSS
Exploits0References14Affected Software2
Rows per page
Query Builder