18 matches found
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
CVE-2022-3996 affecting package edk2 for versions less than 20240223gitedc6681206c1-2
CVE-2022-3996 affecting package edk2 for versions less than 20240223gitedc6681206c1-2. A patched version of the package is available...
BELL-CVE-2022-3996 CVE-2022-3996 does not affect BellSoft software
Bulletin has no description...
openssl: Fix of 3 CVEs
CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509VERIFYPARAMadd0policy - CVE-2022-3996: Drop redundant flag setting in policycachesetmapping...
Ubuntu: Security Advisory (USN-6039-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : OpenSSL vulnerabilities (USN-6039-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6039-1 advisory. It was discovered that OpenSSL was not properly managing file locks when processing policy constraints. If a...
SUSE: Security Advisory (SUSE-SU-2022:4586-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:4586-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2022-3996: Fixed X.509 Policy Constraints Double Locking bsc1206374...
OpenSSL 3.0.7 update assessment
OpenSSL 3.0.7 update assessment Summary The vulnerability in the OpenSSL Security Advisory of Dec 13 2022 do not affect any active Node.js release lines. Analysis Our assessment of the security advisory is: X.509 Policy Constraints Double Locking CVE-2022-3996 Node.js doesn't call OpenSSL as a...
OpenSSL: X.509 Policy Constraints Double Locking Vulnerability (Dec 2022) - Windows
OpenSSL is prone to a denial of service DoS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
OpenSSL: X.509 Policy Constraints Double Locking Vulnerability (Dec 2022) - Linux
OpenSSL is prone to a denial of service DoS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
AZL-40306 CVE-2022-3996 affecting package edk2 for versions less than 20240223gitedc6681206c1-2
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...
CVE-2022-3996 vulnerabilities
Vulnerabilities for packages: openssl...
CVE-2022-3996 vulnerabilities
Vulnerabilities for packages: openssl-provider-fips, openssl...
CVE-2022-3996 X.509 Policy Constraints Double Locking
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...
CVE-2022-3996 X.509 Policy Constraints Double Locking
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...
CVE-2022-3996
CVE-2022-3996 describes an OpenSSL policy-contraint processing issue where a malformed certificate policy can trigger a write lock to be taken recursively, enabling DoS for affected processes. The vulnerability is tied to OpenSSL policy checks and the use of policy processing via -policy or X509_...
CVE-2022-3996
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...