Lucene search

24 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux - vulnerability in openssl

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out-of-bound memory writes can cause the application to crash or even lead to remote code execution. However, in...

CVSS 4.3, AI score 7.2, EPSS 0.00883
Exploits: 0, References: 2
Packet Storm
added 2026/04/14 12:0 a.m., 69 views

📄 Selenium Grid/Selenoid Unauthenticated Remote Code Execution

Selenium Grid and Selenoid expose a WebDriver API that allows creating browser sessions with arbitrary capabilities. When deployed without authentication (the default for both), an attacker can achieve remote code execution through two browser-specific techniques: For Chrome, the goog:chromeOptions...

AI score 6.5
Exploits: 0
Broadcom
added 2026/01/27 12:0 a.m., 11 views

Low-level invalid GF(2^m) parameters lead to OOB memory access

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

CVSS 4.3, AI score 7.3, EPSS 0.00883
Exploits: 0
Tenable Nessus
added 2025/08/30 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-49316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service. CVE-2023-49316 Note that Nessus relies on the...

CVSS 7.5, AI score 7.2, EPSS 0.00149
Exploits: 0, References: 2
Packet Storm News
added 2025/07/10 12:0 a.m., 2 views

LINE: Public-Key Encryption

We propose a public key encryption cryptosystem based on solutions of linear equation systems with predefinition of input parameters through shared secret computation for factorizable substitutions. The existence of multiple equivalent solutions for an underdetermined system of linear equations...

AI score 6.9
Exploits: 0
Packet Storm News
added 2025/06/11 12:0 a.m., 2 views

Efficient Modular Multiplier over GF (2^M) for ECPM

Elliptic curve cryptography (ECC) has emerged as the dominant public-key protocol, with NIST standardizing parameters for binary field GF(2^m) ECC systems. This work presents a hardware implementation of a Hybrid Multiplication technique for modular multiplication over binary field GF(2^m), targeting NI...

AI score 6.8
Exploits: 0
OSV
added 2025/04/03 12:53 p.m., 1 views

OESA-2025-1352 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or...

CVSS 4.3, AI score 7.4, EPSS 0.00883
Exploits: 0, References: 2
OSV
added 2024/11/29 11:56 a.m., 1 views

OESA-2024-2480 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to...

CVSS 4.3, AI score 7.4, EPSS 0.00883
Exploits: 0, References: 2
OSV
added 2024/10/16 5:15 p.m., 1 views

ALPINE-CVE-2024-9143

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

CVSS 4.3, AI score 7.4, EPSS 0.00883
Exploits: 0, References: 1
OSV
added 2024/10/16 5:15 p.m., 1 views

AZL-78531 CVE-2024-9143 affecting package openssl-fips-provider 3.1.2-1

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

CVSS 4.3, AI score 6.6, EPSS 0.00883
Exploits: 0, References: 1
OSV
added 2024/10/16 5:15 p.m., 0 views

DEBIAN-CVE-2024-9143

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

CVSS 4.3, AI score 7.1, EPSS 0.00883
Exploits: 0, References: 1
RedHat Linux
added 2024/08/15 8:7 p.m., 1 views

org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java). Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters...

CVSS 7.5, AI score 7.3, EPSS 0.00259
Exploits: 0, References: 4
RedHat Linux
added 2024/08/08 5:22 p.m., 1 views

org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java). Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters...

CVSS 7.5, AI score 7.3, EPSS 0.00259
Exploits: 0, References: 4
RedHat Linux
added 2024/07/11 12:28 p.m., 4 views

org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java). Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters...

CVSS 7.5, AI score 7.3, EPSS 0.00259
Exploits: 0, References: 4
OSV
added 2024/05/14 3:32 p.m., 1 views

GHSA-8XFC-GM6G-VGPV Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

CVSS 5.3, AI score 6.9, EPSS 0.00259
Exploits: 0, References: 8
Positive Technologies
added 2023/11/27 12:0 a.m., 1 views

PT-2023-31165

Name of the Vulnerable Software and Affected Versions: phpseclib versions 3.0.0 through 3.0.33. Description: The issue arises from excessively large degrees in binary fields, which can lead to a denial of service. This occurs in the Math/BinaryField.php file of the phpseclib library. Recommendations...

CVSS 7.5, AI score 7.1, EPSS 0.00149
Exploits: 0, References: 17
CNNVD
added 2023/11/27 12:0 a.m., 2 views

Terrafrost phpseclib Security Vulnerabilities

Terrafrost phpseclib is a Terrafrost open source application. pure PHP implementation under the MIT license. A security vulnerability exists in Terrafrost phpseclib versions prior to 3.0.34, which stems from a Denial of Service DOS vulnerability in the file Math/BinaryField.php...

CVSS 7.5, AI score 6.7, EPSS 0.00149
Exploits: 0, References: 2
Veracode
added 2023/10/11 5:20 a.m., 17 views

Side Channel Attack

libcryptopp.so is vulnerable to Timing Attack. The vulnerability arises from non-constant time scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage). This leakage allows an attacker to measure the duration of hundreds to...

CVSS 5.9, AI score 6.8, EPSS 0.03018
Exploits: 1, References: 10, Affected Software: 1
NVD
added 2019/07/30 5:15 p.m., 10 views

CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

CVSS 5.9, AI score 6.3, EPSS 0.03018
Exploits: 1, References: 6
UbuntuCve
added 2019/07/30 5:15 p.m., 17 views

CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

CVSS 5.9, AI score 6.6, EPSS 0.03018
Exploits: 1, References: 4