13 matches found
CVE-2024-5991
In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...
Linux Distros Unpatched Vulnerability : CVE-2024-5991
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function...
Azure Linux 3.0 Security Update: mariadb (CVE-2024-5991)
The version of mariadb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5991 advisory. - In function MatchDomainName, input param str is treated as a NULL terminated string despite being user...
CBL Mariner 2.0 Security Update: mariadb (CVE-2024-5991)
The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5991 advisory. - In function MatchDomainName, input param str is treated as a NULL terminated string despite being user...
Slackware: Security Advisory (SSA:2024-253-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[slackware-security] netatalk
New netatalk packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/netatalk-3.2.8-i586-1slack15.0.txz: Upgraded. Bump bundled WolfSSL library to stable version 5.7.2, GitHub 1433. For more informatio...
Slackware Linux 15.0 / current netatalk Multiple Vulnerabilities (SSA:2024-253-01)
The version of netatalk installed on the remote host is prior to 3.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-253-01 advisory. New netatalk packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...
CVE-2024-5991
In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...
CVE-2024-5991 Buffer overread in domain name matching
In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...
CVE-2024-5991
CVE-2024-5991 describes a buffer overread in wolfSSL’s domain-name matching. The vulnerability arises when MatchDomainName() treats the input as NULL-terminated even though X509_check_host() accepts a pointer+length without requiring NULL termination, allowing a caller providing a non-NULL-termin...
CVE-2024-5991 Buffer overread in domain name matching
In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...
CVE-2024-5991 affecting package mariadb for versions less than 10.6.9-6
CVE-2024-5991 affecting package mariadb for versions less than 10.6.9-6. A patched version of the package is available...
CVE-2024-5991 affecting package mariadb for versions less than 10.6.9-4
CVE-2024-5991 affecting package mariadb for versions less than 10.6.9-4. A patched version of the package is available...