6 matches found
EUVD-2018-8004
Malware in sbrugna...
CVE-2023-33613
axTLS v2.1.5 was discovered to contain a heap buffer overflow in the biimport function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service DoS when parsing a private key...
Code injection
In sigverify in x509.c in axTLS version 2.1.3 and before, the PKCS1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509...
Code injection
In sigverify in x509.c in axTLS version 2.1.3 and before, the PKCS1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures and put them on X.50...
CVE-2018-16150
In sigverify in x509.c in axTLS version 2.1.3 and before, the PKCS1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509...
CVE-2017-1000416
axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year 1950 of UTCTime being misinterpreted as 2050...