Lucene search
K

17 matches found

OSV
OSV
added 2025/11/21 3:59 p.m.3 views

JLSEC-2025-224 Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers ...

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service DoS via mbedtlsx509setextension...

7.5CVSS6.4AI score0.0112EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2024/11/28 8:0 a.m.2 views

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

...

7.5CVSS7.5AI score0.0112EPSS
Exploits0
AstraLinux
AstraLinux
added 2024/06/26 1:32 p.m.4 views

Astra Linux – Vulnerability in mbedtls

Integer overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. Attackers can exploit this vulnerability to cause a denial of service DoS attack through the mbedtlsx509setextension function...

7.5CVSS7.2AI score0.0112EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.3 views

PT-2024-1659

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.x through 2.28.6 Mbed TLS versions 3.x through 3.5.1 Description The issue is related to an integer overflow vulnerability in the mbedtls x509 set extension function, which can be exploited by attackers to cause a denial of...

9.8CVSS6.8AI score0.02569EPSS
Exploits4References39
Veracode
Veracode
added 2023/08/10 9:3 a.m.29 views

Denial Of Service (DoS)

go-libp2p is vulnerable to Denial Of Service DoS. The vulnerability exists during the Noise handshake and the libp2p x509 extension verification step which allows an attacker to use large RSA keys causing resource exhaustion...

7.5CVSS6.4AI score0.01084EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2023/08/08 7:15 p.m.7 views

AZL-27872 CVE-2023-39533 affecting package golang for versions less than 1.19.12-1

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

7.5CVSS7.1AI score0.01084EPSS
Exploits1References1
OSV
OSV
added 2023/08/08 7:15 p.m.7 views

AZL-27875 CVE-2023-39533 affecting package msft-golang for versions less than 1.19.12-1

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

7.5CVSS7.1AI score0.01084EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/08/08 6:50 p.m.24 views

CVE-2023-39533 libp2p nodes vulnerable to attack using large RSA keys

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

7.5CVSS7.5AI score0.01084EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...

7.5CVSS7.1AI score0.03855EPSS
Exploits0References6
OSV
OSV
added 2022/05/17 4:56 a.m.4 views

GHSA-6748-36QP-FX6R PyOpenSSL Mishandles NUL Byte In Certificate Subject Alternative Name

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a \0 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificati...

8.7CVSS6AI score0.01197EPSS
Exploits0References10
Broadcom
Broadcom
added 2017/08/25 12:0 a.m.6 views

BSA-2017-380

Security Advisory ID : BSA-2017-380 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension. Affected Products Brocade is...

5.9CVSS7AI score0.03855EPSS
Exploits0
OSV
OSV
added 2017/06/27 1:29 p.m.1 views

DEBIAN-CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...

5.9CVSS7.1AI score0.03855EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/06/27 1:0 p.m.30 views

CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...

6.5AI score0.03855EPSS
Exploits0References4
OSV
OSV
added 2017/06/21 12:0 a.m.4 views

UBUNTU-CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...

5.9CVSS7AI score0.03855EPSS
Exploits0References5
OSV
OSV
added 2017/01/11 12:0 a.m.3 views

UBUNTU-CVE-2017-5334

Double free vulnerability in the gnutlsx509extimportproxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension...

9.8CVSS7.4AI score0.32754EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2015/09/15 12:0 a.m.7 views

The vulnerability of the GnuTLS library, which allows a hacker to cause a service failure

The vulnerability of the lib/x509/x509ext.c component in the GnuTLS library is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure using a specially crafted CRL distribution point...

7.5CVSS7.1AI score0.03921EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2015/09/02 2:59 p.m.17 views

CVE-2015-3308

Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point...

7.5CVSS7.3AI score0.03921EPSS
Exploits0References10
Rows per page
Query Builder