14 matches found

NVD
added 2026/05/26 10:16 p.m., 11 views

CVE-2026-43988

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...

CVSS 7.5, EPSS 0.00184
Exploits 0, References 2
Vulnrichment
added 2026/05/26 9:18 p.m., 7 views

CVE-2026-44905 Vanetza: Remote Denial of Service via Uncaught OER Encoding Exception in Cryptographic Verification

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically...

CVSS 7.5, AI score 5.8, EPSS 0.00202
Exploits 0, References 2
CVE
added 2026/05/26 9:17 p.m., 16 views

CVE-2026-43988

Affected software/component: Vanetza (ETSI C-ITS implementation). In versions 26.02 and earlier, a denial-of-service vulnerability exists in the ASN.1/OER parsing pipeline. The issue occurs when processing malformed network packets with corrupted ASN.1/OER structures; the asn1c_wrapper.cpp path ...

CVSS 7.5, AI score 5.8, EPSS 0.00184
Exploits 0, References 2
Positive Technologies
added 2026/05/26 12:0 a.m., 9 views

PT-2026-43425

Name of the Vulnerable Software and Affected Versions: Vanetza versions 26.02 and earlier. Description: A denial-of-service issue exists in the cryptographic verification pipeline. When processing incoming V2X messages, the ASN.1 decoder accepts structures as syntactically valid even if semantic...

CVSS 7.5, AI score 5.8, EPSS 0.00202
Exploits 0, References 4
CNNVD
added 2026/01/20 12:0 a.m., 3 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, which stem from the issue of not releasing the allocated memory when converting X.509 certificate fields to UTF-8. These vulnerabilities can...

CVSS 7.5, AI score 6.8, EPSS 0.0023
Exploits 0, References 2
Tenable Nessus
added 2026/01/20 12:0 a.m., 7 views

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.272.b10-1.el8 (AXSA:2020-816:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-816:16 advisory. OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781) OpenJDK: Certificate blacklist bypass via alternate certifica...

CVSS 5.8, AI score 6.5, EPSS 0.03713
Exploits 0, References 8
OSV
added 2025/11/24 2:15 p.m., 7 views

UBUNTU-CVE-2025-65495

Integer signedness error in tls_verify_call_back in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509 to return -1 and be misused as a malloc size parameter...

CVSS 7.5, AI score 5.8, EPSS 0.00211
Exploits 0, References 4
CVE
added 2025/11/24 12:0 a.m., 19 views

CVE-2025-65495

CVE-2025-65495 affects libcoap 4.3.5. The issue is a signedness error in tls_verify_call_back() inside src/coap_openssl.c that can allow a remote attacker to trigger a denial of service by sending a crafted TLS certificate, causing i2d_X509() to return -1 and be misused as a malloc() size. Public...

CVSS 7.5, AI score 6.3, EPSS 0.00211
Exploits 0, References 2, Affected Software 1
OSV
added 2025/02/10 4:15 p.m., 2 views

UBUNTU-CVE-2024-12243

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

CVSS 5.3, AI score 6.8, EPSS 0.01193
Exploits 0, References 6
OSV
added 2024/06/30 9:15 p.m., 3 views

UBUNTU-CVE-2024-34703

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameter...

CVSS 7.5, AI score 5.7, EPSS 0.00504
Exploits 0, References 6
SUSE CVE
added 2023/02/15 6:21 a.m., 2 views

SUSE CVE-2003-0545

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding...

CVSS 10, AI score 9.8, EPSS 0.85449
Exploits 0, References 5
OSV
added 2016/05/16 4:45 p.m., 0 views

USN-2975-1 linux vulnerability

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privilege...

CVSS 7.8, AI score 7, EPSS 0.00397
Exploits 0, References 2
BDU FSTEC
added 2015/05/07 12:0 a.m., 2 views

The vulnerability of the Oracle Fusion Middleware software allows a remote attacker to replace the RSA signature.

The vulnerability of the Oracle Fusion Middleware software exists in the NSS (Network Security Services) library of Mozilla, which is used by the Oracle iPlanet Web Server. This vulnerability stems from incorrect processing of ASN.1 values in X.509 certificates. Exploiting this vulnerability could...

CVSS 7.5, AI score 6.6, EPSS 0.17004
Exploits 0, References 3, Affected Software 1
OSV
added 2014/07/22 12:0 a.m., 1 views

UBUNTU-CVE-2014-1560

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context...

CVSS 4.3, AI score 6.6, EPSS 0.01113
Exploits 0, References 5