57 matches found

CNVD
added 2016/05/04 12:0 a.m. · 1 view

Libksba integer overflow vulnerability (CNVD-2016-02854)

Libksba is a library that simplifies work tasks for X.509 certificates, CMS data and related objects in the GnuPG project developed by the GNU Project. An integer overflow vulnerability exists in the BER decoder src/ber-decoder.c file in Libksba. A remote attacker could exploit this vulnerability...

7.5 CVSS · 7.1 AI score · 0.01072 EPSS
Exploits 0 · References 1

CNVD
added 2016/05/04 12:0 a.m. · 1 view

Libksba Stack Buffer Overflow Vulnerability

Libksba is a library that simplifies work tasks for X.509 certificates, CMS data and related objects in the GnuPG project developed by the GNU Project. A stack buffer overflow vulnerability exists in the src/ber-decoder.c file of Libksba. A remote attacker could exploit this vulnerability to caus...

7.5 CVSS · 7.3 AI score · 0.01078 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2016/05/03 12:0 a.m. · 29 views

Debian DSA-3565-1 : botan1.10 - security update

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. - CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector...

10 CVSS · 7.8 AI score · 0.10565 EPSS
Exploits 0 · References 16

Debian
added 2016/05/02 1:2 p.m. · 28 views

[SECURITY] [DSA 3565-1] botan1.10 security update

Debian Security Advisory DSA-3565-1 · [email protected] · https://www.debian.org/security/ · Sebastien Delafond · May 02, 2016 · https://www.debian.org/security/faq ...

10 CVSS · 0.5 AI score · 0.10565 EPSS
Exploits 0

OSV
added 2016/05/02 12:0 a.m. · 20 views

DSA-3565-1 botan1.10 - security update

Bulletin has no description...

10 CVSS · 7.6 AI score · 0.10565 EPSS
Exploits 0

OpenVAS
added 2016/05/02 12:0 a.m. · 24 views

Debian Security Advisory DSA 3565-1 (botan1.10 - security update)

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector i...

10 CVSS · 8.2 AI score · 0.10565 EPSS
Exploits 0 · References 1

Debian
added 2016/04/30 11:48 a.m. · 26 views

[SECURITY] [DLA 449-1] botan1.10 security update

Package : botan1.10 Version : 1.10.5-1+deb7u1 CVE ID : CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 CVE-2016-2195 CVE-2016-2849 Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, includi...

10 CVSS · 8.8 AI score · 0.10565 EPSS
Exploits 0

Positive Technologies
added 2016/04/29 12:0 a.m. · 2 views

PT-2016-5899 · Kde +2 · Libksba +2

Name of the Vulnerable Software and Affected Versions: Libksba versions prior to 1.3.3 Description: The issue arises from improper handling of decoder stack overflows in the ber-decoder.c file, allowing remote attackers to cause a denial of service abort by sending crafted BER data...

7.5 CVSS · 7.6 AI score · 0.01327 EPSS
Exploits 0 · References 27

Positive Technologies
added 2016/04/29 12:0 a.m. · 3 views

PT-2016-5900 · Kde +2 · Libksba +2

Name of the Vulnerable Software and Affected Versions: Libksba versions prior to 1.3.3 Description: The issue is caused by an incorrect integer data type used in the ber-decoder.c file, which allows remote attackers to cause a denial of service crash via crafted BER data. This leads to a buffer...

7.5 CVSS · 7.6 AI score · 0.01327 EPSS
Exploits 0 · References 27

Positive Technologies
added 2016/04/29 12:0 a.m. · 2 views

PT-2016-5901 · Kde +2 · Libksba +2

Name of the Vulnerable Software and Affected Versions: Libksba versions prior to 1.3.3 Description: The issue is caused by multiple integer overflows in the ber-decoder.c file, allowing remote attackers to cause a denial of service crash via crafted BER data. This leads to a buffer overflow...

7.5 CVSS · 7.6 AI score · 0.01327 EPSS
Exploits 0 · References 27

OSV
added 2016/04/29 12:0 a.m. · 1 view

UBUNTU-CVE-2016-4355

Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service crash via crafted BER data, which leads to a buffer overflow...

7.5 CVSS · 7.5 AI score · 0.00834 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2016/04/01 12:0 a.m. · 31 views

FreeBSD : Botan BER Decoder vulnerabilities (2004616d-f66c-11e5-b94c-001999f8d30b)

The botan developers report: Excess memory allocation in BER decoder - The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer...

7.8 CVSS · 7.9 AI score · 0.00869 EPSS
Exploits 0 · References 4

OSV
added 2016/03/07 9:51 p.m. · 5 views

MGASA-2016-0102 Updated botan packages fix security vulnerability

The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. This can be used to easily crash applications reading untrusted ASN.1 data, but does not seem exploitable for code execution CVE-2015-5726. The BER...

10 CVSS · 9.1 AI score · 0.10565 EPSS
Exploits 0 · References 3

Mageia
added 2016/03/07 9:51 p.m. · 32 views

Updated botan packages fix security vulnerability

The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. This can be used to easily crash applications reading untrusted ASN.1 data, but does not seem exploitable for code execution CVE-2015-5726. The BER...

10 CVSS · 9.6 AI score · 0.10565 EPSS
Exploits 0 · References 2

FreeBSD
added 2015/08/03 12:0 a.m. · 35 views

Botan BER Decoder vulnerabilities

The botan developers report: Excess memory allocation in BER decoder - The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer. Cra...

8.3 AI score
Exploits 0 · References 1

FreeBSD
added 2015/04/08 12:0 a.m. · 29 views

libksba -- local denial of service vulnerabilities

Martin Prpic, Red Hat Product Security Team, reports: Denial of Service due to stack overflow in src/ber-decoder.c. Integer overflow in the BER decoder src/ber-decoder.c. Integer overflow in the DN decoder src/dn.c...

7.5 CVSS · 3.4 AI score · 0.0109 EPSS
Exploits 0 · References 5

seebug.org
added 2008/06/11 12:0 a.m. · 70 views

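Linux Kernel BER Decoding Buffer Overflow Vulnerability

BUGTRAQ ID: 29589 CVECAN ID: CVE-2008-1673 The Linux Kernel is the kernel used by the open-source operating system Linux. The ASN.1 BER decoder in the cifs and ipnatsnmpbasic modules of the Linux Kernel does not correctly calculate buffer sizes; if a remote attacker sends specially crafted BER-encoded data to a vulnerable system, a buffer overflow can be triggered, leading to denial of service or execution of arbitrary instructions. Linux kernel 2.6.x Linux kernel 2.4.x Debian ------ Debian has released a security advisory (DSA-1592-2) and corresponding patches for this issue: DSA-1592-2:N...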

10 CVSS · 2 AI score · 0.18359 EPSS
Exploits 2