11 matches found
OpenSSL: Alternative Chains Certificate Forgery (20150709) - Linux
OpenSSL is prone to certificate forgery. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute...
OpenSSL: Alternative Chains Certificate Forgery (20150709) - Windows
OpenSSL is prone to certificate forgery. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute...
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
There was an easily exploitable uncontrolled memory resource consumption denial-of-service vulnerability that existed in the peer-to-peer network code of three implementations of Bitcoin and several alternative chains. For more details please see: https://invdos.net/ For the paper:...
GHSA-HX3R-JV9Q-85JW Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
There was an easily exploitable uncontrolled memory resource consumption denial-of-service vulnerability that existed in the peer-to-peer network code of three implementations of Bitcoin and several alternative chains. For more details please see: https://invdos.net/ For the paper:...
Fedora 25 : ca-certificates (2016-d1408c3ba3)
This is an update to the Mozilla CA certificates list version 2.9, which has been published as part of Mozilla NSS 3.26. This update reverts the CA list to the unmodified upstream CA list. The legacy CA modifications, which had previously been shipped with Fedora, have been reverted to an empty...
OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products (cisco-sa-20150710-openssl)
On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication. Multiple Cis...
OpenSSL - Alternative Chains Certificate Forgery
OpenSSL - Alternative Chains Certificate Forgery !/usr/bin/env ruby encoding: ASCII-8BIT By Ramon de C Valle. This work is dedicated to the public domain. require 'openssl' require 'optparse' require 'socket' Version = 0, 0, 1 Release = nil class String def hexdumpstream=$stdout 0.stepbytesize - ...
GLSA-201507-15 : OpenSSL: Alternate chains certificate forgery
The remote host is affected by the vulnerability described in GLSA-201507-15 OpenSSL: Alternate chains certificate forgery During certificate verification, OpenSSL attempts to find an alternative certificate chain if the first attempt to build such a chain fails. Impact : A remote attacker could...
OpenSSL 1.0.2c Alternative chains certificate forgery Vulnerability
Exploit for multiple platform in category remote exploits The function X509_verify_cert checks the value of |ctx->chain| at the beginning, and if it is NULL then it initialises it, along with the value of ctx->untrusted. The normal way to use X509_verify_cert is to first call X509_STORE_CTX_init; then set...
openssl -- alternate chains certificate forgery vulnerability
OpenSSL reports: During certificate verification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain chec...
Vulnerability in OpenSSL - Alternative chains certificate forgery
An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. Found by Adam...