13 matches found
Azure Linux 3.0 Security Update: gnutls (CVE-2024-28835)
The version of gnutls installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28835 advisory. - A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a...
EUVD-2017-17764
Malware in sbrugna...
CVE-2024-12401 Cert-manager: potential dos when parsing specially crafted pem inputs
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service DoS vector for the cert-manag...
OESA-2024-1507 gnutls security update
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...
UBUNTU-CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...
CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...
PT-2024-2444
Name of the Vulnerable Software and Affected Versions GnuTLS versions prior to 3.8.3 Description A flaw in the GnuTLS library is related to shortcomings in handling exceptional states when analyzing the cert list size parameter in the gnutls x509 trust list verify crt2 function. This issue can be...
The vulnerability of the PEMReadBioEx() function in the OpenSSL cryptographic library, which allows a hacker to trigger a denial-of-service attack
The vulnerability of the PEMReadbioex function in the OpenSSL cryptographic library is related to the repeated memory release during the processing of PEM files. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using a specially created PEM file...
OpenSSL 资源管理错误漏洞
OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
UBUNTU-CVE-2022-4450
The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...
CVE-2017-8821
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service application hang via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the...
CVE-2017-8821
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service application hang via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the...
CVE-2017-8821
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service application hang via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the...