crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
CVE-2025-4575
Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...
AZL-42721 CVE-2024-0727 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...
Virtuozzo Hybrid Infrastructure 5.4 Update 4 Hotfix 4 (5.4.4-141)
This update provides stability and performance improvements. Vulnerability id: VSTOR-77889 Cannot download updates if some incompatible legacy packages are installed. Vulnerability id: VSTOR-77910 Nginx cannot start after an update due to a legacy certificate format. Vulnerability id: VSTOR-75705...
SUSE CVE-2009-4484
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary cod...
CVE-2020-11705
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter...
Cayuga Lake National Bank Information Disclosure Breach
Cayuga Lake National Bank is a Banking Services app. cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS fails to validate SSL servers with X.509 certificates, allowing man-in-the-middle attackers to spoof servers and gain access to sensitive information by crafting certificates...
Unable to Upload SAML certificate: Error : The Certificate Format is Invalid
Error in the Debug Logs : 2017-05-05T06:36:42.281-0700 | 9079446C4AA9B629 | INFO | http-nio-14443-exec-7 | com.citrix.controlpoint.rest.CertificateMgmtResource | Uploading certificate to be used As : saml . none indicates server cert 2017-05-05T06:36:42.296-0700 | 9079446C4AA9B629 | ERROR |...
Linux kernel ASN.1 DER decoder denial of service vulnerability
Linux kernel is an open source operating system. The Linux kernel's ASN.1 DER decoder mishandles certificate files containing tags of indefinite length. A local attacker can crash the system with a specially crafted DER file for X.509 certificates...
kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system...