6 matches found
The vulnerability of the OpenSSL cryptographic library, related to errors in the certificate validation process, allows a perpetrator to cause a service failure.
The vulnerability of the OpenSSL cryptographic library is related to errors in the certificate validation process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures using a specially created certificate chain...
golang: math/big: panic during recursive division of very large numbers
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The...
DEBIAN-CVE-2018-0487
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session...
CVE-2014-0636
EMC RSA BSAFE Micro Edition Suite MES 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain...
CVE-2014-2234
A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent TEA feature without terminating certain TLS/SSL handshakes as specified in the SSLCTXsetverify callback function's documentation, which allows remote attackers to bypass extra verification within a...
CVE-2014-2234
A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent TEA feature without terminating certain TLS/SSL handshakes as specified in the SSLCTXsetverify callback function's documentation, which allows remote attackers to bypass extra verification within a...