Lucene search
K

126 matches found

OSV
OSV
added 2022/05/03 12:0 p.m.37 views

RUSTSEC-2022-0025 Resource leakage when decoding certificates and keys

The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...

7.5CVSS8.4AI score0.02386EPSS
Exploits0References3
RustSec
RustSec
added 2022/05/03 12:0 p.m.42 views

Resource leakage when decoding certificates and keys

The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...

7.5CVSS1.5AI score0.02386EPSS
Exploits0Affected Software1
OpenSSL
OpenSSL
added 2022/05/03 12:0 a.m.56 views

Vulnerability in OpenSSL - Resource leakage when decoding certificates and keys

The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...

8.2AI score0.02386EPSS
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2022/05/03 12:0 a.m.48 views

CVE-2022-1473

The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...

7.5CVSS6.7AI score0.02386EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/03/23 8:15 p.m.200 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.1AI score0.02037EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/03/23 12:0 a.m.72 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.8AI score0.02037EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2022/03/23 12:0 a.m.1068 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/03/16 1:52 p.m.49 views

New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers

The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service DoS condition when parsing certificates. Tracked as CVE-2022-0778 CVSS score: 7.5, the issue stems from parsing a malformed certificate with...

7.5CVSS0.2AI score0.70561EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/03/16 12:0 a.m.549 views

OpenSSL 1.1.1 < 1.1.1n Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1n. It is, therefore, affected by a vulnerability as referenced in the 1.1.1n advisory. - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli...

7.5CVSS6.8AI score0.70561EPSS
Exploits2References4
OSV
OSV
added 2022/01/05 3:31 p.m.44 views

GO-2021-0160 Incorrect calculation affecting RSA computations in math/big

Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibl...

7.5CVSS7.2AI score0.02627EPSS
Exploits0References6
Cvelist
Cvelist
added 2021/07/15 5:1 p.m.18 views

CVE-2020-11633

The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges...

10AI score0.01891EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/12/21 5:15 p.m.25 views

CVE-2020-26263

tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, the code has multiple ways in...

7.5CVSS7.1AI score0.01276EPSS
Exploits1References7
OSV
OSV
added 2020/12/21 4:56 p.m.17 views

GHSA-WVCV-832Q-FJG7 RSA weakness in tslite-ng

Impact The code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, code in current as of 0.8.0-alpha38 master https://github.com/tlsfuzzer/tlslite-ng/blob/0812ed60860fa61a6573b2c0e18771414958f46d/tlslite/utils/rsakey.pyL407-L441 and code in...

8.7CVSS7.4AI score0.01276EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2020/12/21 4:56 p.m.41 views

RSA weakness in tslite-ng

Impact The code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, code in current as of 0.8.0-alpha38 master https://github.com/tlsfuzzer/tlslite-ng/blob/0812ed60860fa61a6573b2c0e18771414958f46d/tlslite/utils/rsakey.pyL407-L441 and code in...

7.5CVSS7.4AI score0.01276EPSS
Exploits1References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/10/25 12:0 a.m.25 views

Junos OS: SSL-Proxy DoS (JSA10973)

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service DoS vulnerability in the SSL-Proxy feature on SRX devices, which fails to handle a hardware resource limitation that can be exploited by remote SSL/TLS servers to crash the flowd...

7.5CVSS7.4AI score0.01064EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/10/09 7:26 p.m.33 views

CVE-2019-0051 SRX5000 Series: Denial of Service vulnerability in SSL-Proxy feature.

SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the...

6.5CVSS7.5AI score0.01064EPSS
Exploits0References1
Prion
Prion
added 2019/03/21 9:29 p.m.17 views

Design/Logic Flaw

Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate...

6.4CVSS8.6AI score0.01305EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/03/21 9:29 p.m.16 views

CVE-2019-8351

Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate...

9.1CVSS8.7AI score0.01305EPSS
Exploits0References1
Arista
Arista
added 2019/01/16 12:0 a.m.87 views

Security Advisory 0039

Security Advisory 0039 PDF Date: January 16th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | January 16th, 2019 | Initial Release The CVE-IDs tracking this issue are CVE-2018-16873, CVE-2018-16874 and CVE-2018-16875 Description This advisory is to document the impact of...

8.1CVSS7.7AI score0.66252EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/12/17 12:0 a.m.48 views

Amazon Linux AMI : golang (ALAS-2018-1130)

In Go before 1.10.6 and 1.11.x before 1.11.3, the 'go get' command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

8.1CVSS8AI score0.66252EPSS
Exploits0References4
Rows per page
Query Builder