Astra Linux - vulnerability in bouncycastle
Bouncy Castle for Java before version 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM-encoded streams containing X.509 certificates, PKCS8-encoded keys, and PKCS7 objects. Parsing a file that...
EUVD-2018-3100
Malware in sbrugna...
EUVD-2014-4370
Malware in sbrugna...
EUVD-2009-2654
Malware in sbrugna...
EUVD-2016-0777
Malware in sbrugna...
EUVD-2014-3480
Malware in sbrugna...
EUVD-2018-3102
Malware in sbrugna...
EUVD-2014-3479
Malware in sbrugna...
EUVD-2016-3261
Malware in sbrugna...
EUVD-2015-5672
Malware in sbrugna...
EUVD-2016-3039
Malware in sbrugna...
Amazon Linux 2 : gnutls (ALAS-2025-2885)
The version of gnutls installed on the remote host is prior to 3.3.29-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2885 advisory. A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decodi...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2025-1633)
The remote host is missing an update for the Huawei EulerOS...
K000151130: GnuTLS vulnerability CVE-2024-12243
Security Advisory Description A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2025-1357)
The remote host is missing an update for the Huawei EulerOS...
CVE-2025-32029 ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation
ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rules. Incorrect number DER encoding can lead to denial of service for absolute values in the range 2^31 -- 2^32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a...
CVE-2024-12243
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...
Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2023-0215)
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the S/MIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
EulerOS 2.0 SP11 : linux-sgx (EulerOS-SA-2023-3047)
According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a...
Denial Of Service (DoS)
org.bouncycastle:bcprov is vulnerable to Denial of Service (DoS). The vulnerability arises due to parsing certificates in the PEMParser class. This class is responsible for parsing X.509 certificates, encoded keys and PKCS7 objects. The parser can throw an OutOfMemoryError while parsing crafted...