TencentOS Server 2: openssl (TSSA-2023:0337)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0337 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CBL Mariner 2.0 Security Update: openssl (CVE-2021-3712)

The version of openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3712 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-1281)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: OpenSSL Vulnerability Affects Watson Speech Services

Summary A Redhat OpenSSL Vulnerability affecting Watson Speech Services has been fixed in the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.3 Vulnerability Details CVEID:CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2022-0076)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field...

GLSA-202210-02 : OpenSSL: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-02 OpenSSL: Multiple Vulnerabilities - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH...

Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

GHSA-Q9WJ-F4QW-6VFJ Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

Nessus Network Monitor < 6.0.0 Multiple Vulnerabilities (TNS-2022-02)

The version of Nessus Network Monitor NNM installed on the remote host is prior to 6.0.0. It is, therefore, affected by multiple vulnerabilities: - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holdin...

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2022-1417)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an...

EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2022-1180)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a fie...

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2022-1059)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openssl security update

1.0.2k-23.0.1 - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3 requirements Orabug: 32467059 - Add TLS KDF self-test Orabug: 32467193 - Add EC keys pairwise consistency test Orabug: 32467059 1.0.2k-23 -...

Oracle Linux 7 : openssl (ELSA-2022-9023)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9023 advisory. - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings Tenable has extracted the preceding description block directly from the Oracle Linu...

openssl security update

1.0.2k-23 - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz1996054...

Juniper Junos OS Vulnerability (JSA11293)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11293 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length...

Oracle Linux 7 : openssl (ELSA-2022-0064)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0064 advisory. - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings Tenable has extracted the preceding description block directly from the Oracle Linu...

openssl: Read buffer overruns processing ASN.1 strings

It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...

EulerOS Virtualization 3.0.2.0 : openssl (EulerOS-SA-2021-2828)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string da...

openssl security update

1:1.1.1k-5 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz2005400...