30 matches found

OSV
added 2026/04/10 4:17 a.m., 0 views

DEBIAN-CVE-2026-5188

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect...

CVSS 8.1, AI score 5.3, EPSS 0.00037
Exploits 0, References 1
Tenable Nessus
added 2026/03/31 12:0 a.m., 0 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : pyasn1 vulnerabilities (USN-8134-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8134-1 advisory. It was discovered that pyasn1 could exhaust system resources when attempting to decode a malformed certificate. An...

CVSS 7.5, AI score 7, EPSS 0.00032
Exploits 1, References 3
OSV
added 2025/11/17 10:27 p.m., 1 view

CLSA-2025-1763418416 gnutls: Fix of CVE-2024-12243

CVE-2024-12243: fix inefficient algorithm in libtasn1 for decoding certain DER-encoded certificate data to prevent denial-of-service condition...

CVSS 5.3, AI score 6.6, EPSS 0.01227
Exploits 0, References 1
Tenable Nessus
added 2025/10/28 12:0 a.m., 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : mozilla-nss (SUSE-SU-2025:3804-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3804-1 advisory. - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: Prevent leaks during pkcs12 decoding...

CVSS 9.8, AI score 5.5, EPSS 0.00108
Exploits 0, References 4
RedHat Linux
added 2025/10/06 2:7 a.m., 2 views

libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...

CVSS 5.3, AI score 7.2, EPSS 0.00343
Exploits 0, References 6
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-3867

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.2, EPSS 0.00314
Exploits 0, References 13
Tenable Nessus
added 2025/08/26 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-15651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a...

CVSS 9.8, AI score 8.5, EPSS 0.00225
Exploits 0, References 2
OSV
added 2025/02/21 1:37 p.m., 1 view

OESA-2025-1176 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

CVSS 5.3, AI score 6.7, EPSS 0.01227
Exploits 0, References 2
SUSE CVE
added 2025/02/11 4:6 a.m., 1 view

SUSE CVE-2024-12243

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

CVSS 5.3, AI score 7, EPSS 0.01227
Exploits 0, References 15
OSV
added 2025/02/10 4:15 p.m., 1 view

ALPINE-CVE-2024-12243

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

CVSS 5.3, AI score 5.6, EPSS 0.01227
Exploits 0, References 1
SUSE CVE
added 2023/02/15 3:33 a.m., 1 view

SUSE CVE-2022-1473

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...

CVSS 7.5, AI score 6.3, EPSS 0.00314
Exploits 0, References 5
OSV
added 2022/05/03 4:15 p.m., 1 view

ALPINE-CVE-2022-1473

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...

CVSS 7.5, AI score 6.9, EPSS 0.00314
Exploits 0, References 1
OSV
added 2022/05/03 12:0 p.m., 31 views

RUSTSEC-2022-0025 Resource leakage when decoding certificates and keys

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...

CVSS 7.5, AI score 8.4, EPSS 0.00314
Exploits 0, References 3
OSV
added 2022/05/03 12:0 a.m., 1 view

UBUNTU-CVE-2022-1473

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...

CVSS 7.5, AI score 6.7, EPSS 0.00314
Exploits 0, References 5
OSV
added 2019/12/26 7:15 p.m., 0 views

CVE-2019-5275

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a malicious certificate ...

CVSS 7.5, AI score 7.4
Exploits 0, References 1
OSV
added 2018/02/15 4:29 p.m., 1 view

CVE-2017-15341

Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploi...

CVSS 7.5, AI score 5.8, EPSS 0.00146
Exploits 0, References 1
CNVD
added 2017/11/30 12:0 a.m., 1 view

Denial of Service Vulnerability in Multiple Huawei Products (CNVD-2017-35588)

Huawei AR3200 is a new generation network product from China's Huawei. Huawei TE40/50/60 is an HD video conferencing endpoint that supports 1080p60. The denial of service vulnerability in multiple Huawei products is due to a problem with the device decoding X.509 certificates. A remote...

CVSS 7.5, AI score 6.7, EPSS 0.00146
Exploits 0, References 1
CNVD
added 2017/08/04 12:0 a.m., 1 view

Zoho ManageEngine OpManager Encryption Algorithm Vulnerability

Zoho ManageEngine OpManager is a suite of network, server and virtualization monitoring software from Zoho. A security vulnerability exists in Zoho ManageEngine OpManager versions 11 through 12.2. An attacker can exploit the vulnerability to decode certificates...

CVSS 9.8, AI score 6.8, EPSS 0.01665
Exploits 0, References 1
FreeBSD
added 2017/01/09 12:0 a.m., 31 views

GnuTLS -- Memory corruption vulnerabilities

The GnuTLS project reports: It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted OpenPGP certificate could lead to heap and stack overflows. GNUTLS-SA-2017-2 It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted X.509 certificat...

AI score 2.1
Exploits 0, References 3
RedHat Linux
added 2016/11/03 8:8 a.m., 2 views

kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()

A syntax vulnerability was discovered in the kernel's ASN1.1 DER decoder, which could lead to memory corruption or a complete local denial of service through x509 certificate DER files. A local system user could use a specially created key file to trigger BUG_ON() in the public_key_verify_signature()...

CVSS 4.7, AI score 7.1, EPSS 0.00065
Exploits 0, References 4