74 matches found
CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
Type confusion
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
CVE-2023-0286 X.400 address type confusion in X.509 GeneralName
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
CVE-2023-0286 X.400 address type confusion in X.509 GeneralName
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
CVE-2023-0286 X.400 address type confusion in X.509 GeneralName
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
CVE-2023-0286
CVE-2023-0286 is a type-confusion bug in OpenSSL related to X.400 address processing inside X.509 GeneralName. The public GENERAL_NAME.x400Address was defined as ASN1_TYPE instead of ASN1_STRING, causing GeneralName_cmp to treat it as a pointer, which under CRL_CHECK can allow an attacker to pass...
Amazon Linux AMI : openssl (ALAS-2023-1683)
The version of openssl installed on the remote host is prior to 1.0.2k-16.162. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1683 advisory. A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover...
Amazon Linux 2 : openssl (ALAS-2023-1935)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1935 advisory. A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a...
SUSE SLES12: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2023:0306-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0306-1 advisory. - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed...
CVE-2023-0286
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
X.400 address type confusion in X.509 `GeneralName`
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
RUSTSEC-2023-0006 X.400 address type confusion in X.509 `GeneralName`
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
Important: openssl
Issue Overview: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number o...
CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
Ubuntu 18.04 LTS : OpenSSL vulnerabilities (USN-5845-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5845-1 advisory. David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary...
PT-2023-1352
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1 STRING but the public structure definition for...
Authentication Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.18 security update
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...