CVE-2024-12243
CVE-2024-12243 affects GnuTLS (which uses libtasn1 for ASN.1 DER processing). The issue is an inefficient DER decoding algorithm in libtasn1 that can cause excessive resource consumption when processing certain certificates, enabling remote DoS by sending a crafted certificate and making GnuTLS u...
CVE-2024-12133 Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...
CVE-2024-12133
CVE-2024-12133 affects libtasn1 and causes inefficient DER/SEQUENCE OF handling, enabling remote DoS via crafted certificates. Connected advisories confirm affected package libtasn1 and provide mitigations: update to patched libtasn1 versions (e.g., 4.19.x+/4.10.x+ as per distro advisories). If e...
CVE-2024-12133
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...
OESA-2024-2386 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to...
SUSE CVE-2024-9143
Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...
The vulnerability of the C++ Botan cryptographic library, related to asymmetric resource consumption, allows a hacker to induce a service failure.
The vulnerability of the C++ Botan cryptographic library is related to asymmetric resource consumption due to an excessive number of names in the subjectAlternativeName field during the processing of X.509 certificates. Exploiting this vulnerability can allow a remote attacker to cause service...
CVE-2023-32170
Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. User interaction is required to exploit this...
Unified Automation UaGateway security vulnerability
Unified Automation UaGateway is a high-performance wrapper/proxy from Unified Automation programmed in C++. A security vulnerability exists in Unified Automation UaGateway that stems from a specific flaw in the processing of client certificates that allows an attacker to create a denial of servic...
DEBIAN-CVE-2024-27355
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...
CVE-2024-27355
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...
Python cryptography code issue vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python cryptography versions 3.1 through 41.0.6, which stems from a null...
The vulnerability of Microsoft On-Premises Data Gateways lies in security configuration errors, allowing attackers to circumvent security restrictions.
The vulnerability of Microsoft On-Premises Data Gateways is related to errors in security settings when processing certificates. Exploiting this vulnerability allows a malicious actor to bypass security restrictions by sending a specially crafted web request...
dotnet: Denial of Service with Client Certificates using .NET Kestrel
A vulnerability was found in dotnet. This issue can lead to a denial of service when processing X.509 certificates...
USN-6438-2 .Net regressions
USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for CVE-2023-36799 was incomplete. This update fixes the problem. Original advisory details: Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to...
USN-6438-1 dotnet6, dotnet7 vulnerabilities
Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-36799) It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly...