
724 matches found

Tenable Nessus
added 2016/12/07 12:0 a.m. | 30 views

FreeBSD : cryptopp -- multiple vulnerabilities (eab68cff-bc0c-11e6-b2ca-001b3856973b)

Multiple sources report: CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...

7.5 CVSS | 6.9 AI score | 0.02879 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2016/11/11 12:0 a.m. | 36 views

SUSE SLES11 Security Update : jasper (SUSE-SU-2016:2776-1)

This update for jasper fixes the following issues: Security fixes: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884, CVE-2016-8885: two NULL pointer dereferences in...

10 CVSS | 6.6 AI score | 0.04509 EPSS
Exploits: 5 | References: 56

Tenable Nessus
added 2016/11/11 12:0 a.m. | 53 views

SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2016:2775-1)

This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884, CVE-2016-8885: two NUL...

10 CVSS | 6.7 AI score | 0.14447 EPSS
Exploits: 5 | References: 58

Tenable Nessus
added 2016/11/07 12:0 a.m. | 30 views

openSUSE Security Update : jasper (openSUSE-2016-1263)

This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed: - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related...

10 CVSS | 7.7 AI score | 0.14547 EPSS
Exploits: 5 | References: 27

ossfuzz
added 2016/10/25 9:56 p.m. | 20 views

tpm2: g_forceFailureMode

Project: https://chromium.googlesource.com/chromiumos/thirdparty/tpm2 Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6356831496568832 Fuzzer: libFuzzertpm2executecommandfuzzer Job Type: libfuzzerasantpm2 Platform Id: linux Crash Type: ASSERT Crash Address: Crash State:...

7.2 AI score
Exploits: 0 | Affected Software: 1

OSV
added 2016/10/18 8:52 a.m. | 7 views

OPENSUSE-SU-2016:2556-1 Security update for ffmpeg

This update for ffmpeg fixes multiple security issues in ffmpeg (boo#1003806). These vulnerabilities can be triggered when processing specially crafted avi video content, and could lead to crashes or have unspecified further impact including potential code execution. - CVE-2016-7562: out-of-bounds...

7.8 CVSS | 6.5 AI score | 0.01749 EPSS
Exploits: 0 | References: 6

OSV
added 2016/09/16 5:59 a.m. | 3 views

CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

5.9 CVSS | 5.5 AI score
Exploits: 0 | References: 8

Positive Technologies
added 2016/09/16 12:0 a.m. | 2 views

PT-2016-7317

Name of the Vulnerable Software and Affected Versions: Crypto++ versions through 5.6.4. Description: The issue concerns the lack of documentation for a compile-time definition that disables assert calls, potentially allowing attackers to obtain sensitive information from process memory after an...

7.5 CVSS | 5.8 AI score | 0.02288 EPSS
Exploits: 0 | References: 26

myhack58
added 2016/09/14 12:0 a.m. | 48 views

Things that have to be mentioned about Python vulnerability mining - vulnerability warning - the black bar safety net

Foreword: Python has become more and more indispensable in computing environments because of its unique convenience for developing larger, more complex applications. Although its obvious readability and ease of use allow software engineers a...

0.3 AI score
Exploits: 0

ossfuzz
added 2016/08/30 3:37 p.m. | 26 views

(size_t)BIO_write(in, buf, len) == len

Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6308967940620288 Fuzzer: libFuzzer Job Type: libfuzzerasanopenssl Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: (size_t)BIO_write(in, buf, len) == len fuzzer::Fuzzer::ExecuteCallback fuzzer::Fuzzer::RunOne...

7.2 AI score
Exploits: 0 | Affected Software: 1

CVE
added 2016/04/25 2:0 p.m. | 143 views

CVE-2016-4053

CVE-2016-4053 in Squid allowed public information disclosure of the server stack layout when processing ESI responses. The issue is documented across multiple advisories (Debian, Red Hat/CentOS, Fedora, Amazon ALAS) with fixes in various branches: Debian fixed squid3 3.1.20-2.2+deb7u5; Jessie/St...

4.3 CVSS | 5.8 AI score | 0.11426 EPSS
Exploits: 0 | References: 17 | Affected Software: 1

myhack58
added 2016/03/16 12:0 a.m. | 14 views

Squid remote denial of service vulnerability analysis - vulnerability warning - the black bar safety net

Introduction: Squid Cache is HTTP proxy server software. Squid has a wide range of uses: it can be used as a cache server, it can filter traffic to help network security, and it can also act as one link in a chain of proxy servers, forwarding data to the upstream proxy or connecting directly to th...

8.1 AI score
Exploits: 0

seebug.org
added 2016/03/16 12:0 a.m. | 31 views

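Squid remote denial-of-service vulnerability caused by the assert function

Source link: https://security.tencent.com/index.php/blog/msg/102 Analysis: The author analyzed the patch for one of the vulnerabilities and found that the vulnerability is mainly caused by the assert function: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch . In C programs, the assert function is known as an assertion; it is used to flag errors that may exist and is mainly used for program debugging. Function usage: include void assert int exp ; Purpose:...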

7.1 AI score
Exploits: 0

OpenVAS
added 2016/02/02 12:0 a.m. | 21 views

CentOS Update for libcacard CESA-2016:0083 centos7

Check the version of libcacard SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882388";...

8.1 CVSS | 7.3 AI score | 0.06135 EPSS
Exploits: 0 | References: 2

seebug.org
added 2016/01/26 12:0 a.m. | 31 views

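FreeBSD remote denial-of-service vulnerability

0x01 Vulnerability reproduction: This vulnerability arises because, when FreeBSD processes IPv6 packets, a certain function does not strictly validate the data, so that if a certain member function of the passed-in IPv6 structure is NULL, an assert is triggered in a subsequent function call, FreeBSD enters its exception handling mechanism, and the kernel crashes, causing the system to reboot. This vulnerability is analyzed in detail below. First, I will not explain how to set up the vulnerability environment; I published an article on my WeChat official account specifically about setting up a FreeBSD environment, including kernel debugging, installing vmtools and so on. Once the environment is set up, running poc.py shows the program restarting, and during the restart crash information is generated under /var/crash....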

7 AI score
Exploits: 0

ArchLinux
added 2015/10/30 12:0 a.m. | 61 views

lldpd: denial of service

- CVE-2015-5714 (denial of service): A buffer overflow has been discovered when handling management address TLV. When a remote device was advertising a too large management address while still respecting TLV boundaries, lldpd would crash due to a buffer overflow. - CVE-2015-5715 (denial of service): A...

0.7 AI score | 0.06389 EPSS
Exploits: 2 | References: 3

FreeBSD
added 2015/10/04 12:0 a.m. | 39 views

lldpd -- Buffer overflow/Denial of service

The lldpd developer Vincent Bernat reports: A buffer overflow may allow arbitrary code execution only if hardening was disabled. Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert in this part...

9.8 CVSS | 9.3 AI score | 0.05448 EPSS
Exploits: 0 | References: 2

Mageia
added 2015/09/15 2:55 p.m. | 38 views

Updated openldap package fixes security vulnerability

By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call in the ber_get_next method in a/libraries/liblber/io.c that is hit when decoding tampered BER data (CVE-2015-6908)...

5 CVSS | 5.6 AI score | 0.19628 EPSS
Exploits: 1 | References: 3

ArchLinux
added 2015/09/12 12:0 a.m. | 39 views

openldap: denial of service

By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call within the ber_get_next method (io.c line 682) that is hit when decoding tampered BER data. The following proof of concept exploit can be used to trigger the condition: echo...

5 CVSS | 1.1 AI score | 0.19628 EPSS
Exploits: 1 | References: 4

Exploit DB
added 2015/09/11 12:0 a.m. | 67 views

OpenLDAP 2.4.42 - ber_get_next Denial of Service

Exploit Title: OpenLDAP 2.4.42 ber_get_next DOS Date: 11/09/15 Exploit Author: Denis Andzakovic - Security-Assessment.com Vendor Homepage: http://www.openldap.org/ Software Link: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.42.tgz Version: ...

7 AI score
Exploits: 0