10 matches found
Slackware: Security Advisory (SSA:2016-124-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openssl security update
0.9.8e-40.0.2 - CVE-2016-0799 - Fix memory issues in BIOprintf functions - CVE-2016-2105 - Avoid overflow in EVPEncodeUpdate - CVE-2016-2106 - Fix encrypt overflow - CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data...
openSUSE: Security Advisory for compat-openssl098 (openSUSE-SU-2016:1273-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1238-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for libopenssl0_9_8 (openSUSE-SU-2016:1241-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-2109
The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service memory consumption via a short invalid encoding...
Information disclosure
The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service memory consumption via a short invalid encoding...
OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.1t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1t advisory. - The X509NAMEoneline function in crypto/x509/x509obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to...
OpenSSL -- multiple vulnerabilities
OpenSSL reports: Padding oracle in AES-NI CBC MAC check EVPEncodeUpdate overflow EVPEncryptUpdate overflow ASN.1 BIO excessive memory allocation EBCDIC overread...
Internet Bug Bounty: ASN.1 BIO excessive memory allocation (CVE-2016-2109)
On 4 April 2016 I reported a bug to the OpenSSL Security Team where I was able to force OpenSSL to use large amounts of cpu time, memory and swap space. They confirmed receipt on 6 April 2016 and on 22 April 2016 I was notified that they were assigning CVE-2016-2109 to this flaw and the fix was...