Lucene search
K

19 matches found

Veracode
Veracode
added 2023/11/27 7:58 a.m.21 views

Denial Of Service (DoS)

org.bouncycastle: bcprov is vulnerable to Denial of Service DoS. The vulnerability arises due to parsing certificates in the PEMParser class. This class is responsible for parsing X.509 certificates, encoded keys and PKCS7 objects. The parser can throw an OutOfMemoryError while parsing crafted...

5.5CVSS7AI score0.00932EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2023/11/23 4:15 p.m.2 views

DEBIAN-CVE-2023-33202

Bouncy Castle for Java before 1.73 contains a potential Denial of Service DoS issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafte...

5.5CVSS6.1AI score0.00932EPSS
Exploits1References1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.45 views

DOS for Handling of crafted recursive ASN.1 structures

Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources, s...

6.5CVSS6.5AI score0.19295EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.43 views

K15423: GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468

Security Advisory Description GNU Libtasn1 has been cited with the following vulnerabilities, which may be exploitable on some F5 products: CVE-2014-3467 Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denia...

7.5CVSS6.8AI score0.068EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:44 p.m.45 views

K91100352: Mozilla NSS vulnerability CVE-2016-1950

Security Advisory Description Heap-based buffer overflow in Mozilla Network Security Services NSS before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data ...

8.8CVSS9.6AI score0.04192EPSS
Exploits0Affected Software21
NVD
NVD
added 2016/07/19 10:59 p.m.27 views

CVE-2016-5080

Integer overflow in the rtxMemHeapAlloc function in asn1rta.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow, on a system running an application compiled by ASN1C, via crafted...

10CVSS8.7AI score0.10064EPSS
Exploits0References11
Cvelist
Cvelist
added 2015/01/27 3:0 p.m.29 views

CVE-2015-1182

The asn1getsequenceof function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1sequence linked list, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted...

6.4AI score0.03246EPSS
Exploits0References8
Prion
Prion
added 2014/10/18 1:55 a.m.16 views

Null pointer dereference

Apple OS X before 10.10 allows remote attackers to cause a denial of service NULL pointer dereference via crafted ASN.1 data...

7.8CVSS6.7AI score0.02561EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2014/06/05 8:55 p.m.21 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service out-of-bounds read via crafted ASN.1 data...

5CVSS7.4AI score0.068EPSS
Exploits0References24
Cvelist
Cvelist
added 2014/06/05 8:0 p.m.22 views

CVE-2014-3468

The asn1getbitder function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data...

7.2AI score0.03789EPSS
Exploits0References25
Cvelist
Cvelist
added 2014/06/05 8:0 p.m.32 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service out-of-bounds read via crafted ASN.1 data...

7.4AI score0.068EPSS
Exploits0References24
UbuntuCve
UbuntuCve
added 2014/06/05 12:0 a.m.33 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service out-of-bounds read via crafted ASN.1 data...

5CVSS6.9AI score0.068EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/03/27 12:0 a.m.34 views

Mandriva Linux Security Advisory : libtasn1 (MDVSA-2012:039)

A vulnerability has been found and corrected in libtasn1 : The asn1getlengthder function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service...

5CVSS7.4AI score0.0446EPSS
Exploits1References1
NVD
NVD
added 2012/03/26 7:55 p.m.18 views

CVE-2012-1569

The asn1getlengthder function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service heap memory corruption and application crash or possibly ha...

5CVSS8.2AI score0.0446EPSS
Exploits1References33
Tenable Nessus
Tenable Nessus
added 2009/09/24 12:0 a.m.29 views

SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12222)

This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams, which triggers an assertion error. CVE-2008-2952 Additionally a bug was fixed in ldapfreeconnection which...

5CVSS5.4AI score0.13173EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.25 views

openSUSE Security Update : openldap2 (openldap2-145)

This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams, which triggers an assertion error. CVE-2008-2952 Additionally a bug was fixed in ldapfreeconnection which...

5CVSS5.4AI score0.13173EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2008/10/17 12:0 a.m.21 views

SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 5511)

This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams, which triggers an assertion error. CVE-2008-2952 Additionally a bug was fixed in ldapfreeconnection which...

5CVSS5.4AI score0.13173EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2008/10/17 12:0 a.m.29 views

openSUSE 10 Security Update : openldap2 (openldap2-5509)

This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams, which triggers an assertion error. CVE-2008-2952 Additionally a bug was fixed in ldapfreeconnection which...

5CVSS5.4AI score0.13173EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2008/07/01 9:0 p.m.29 views

CVE-2008-2952

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...

5CVSS6.3AI score0.13173EPSS
Exploits0
Rows per page
Query Builder