golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

kernel: tls: use-after-free with partial reads and async decrypt

A use-after-free vulnerability was found in the tls subsystem of the Linux kernel. The tlsdecryptsg function doesn't take references on the pages from clearskb, so the putpage in tlsdecryptdone releases them and a use-after-free can be triggered in processrxlist when trying to read from the...

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

kernel: tls: use-after-free with partial reads and async decrypt

A use-after-free vulnerability was found in the tls subsystem of the Linux kernel. The tlsdecryptsg function doesn't take references on the pages from clearskb, so the putpage in tlsdecryptdone releases them and a use-after-free can be triggered in processrxlist when trying to read from the...

kernel: tls: use-after-free with partial reads and async decrypt

A use-after-free vulnerability was found in the tls subsystem of the Linux kernel. The tlsdecryptsg function doesn't take references on the pages from clearskb, so the putpage in tlsdecryptdone releases them and a use-after-free can be triggered in processrxlist when trying to read from the...

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

RHEL 9 : kernel (RHSA-2024:1881)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1881 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability...

Laravel Framework < 5.5.41 / 5.6.x < 5.6.30 RCE

The version of Laravel Framework installed of the remote host is prior to 5.5.41 or 5.6.x prior to 5.6.30. It is, therefore, affected by a remote code execution vulnerability due to an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in...

The vulnerability of the PrivateDecrypt() function in the cryptographic library of the Node.js software platform, which allows a attacker to execute the Bleichenbacher attack or the Marvin attack.

The vulnerability of the PrivateDecrypt function in the Node.js software library is related to the use of hidden auxiliary channels due to a discrepancy in the timing of decrypting valid and invalid encrypted texts based on the PKCS1 v1.5 cryptographic standard. Exploiting this vulnerability allo...

CVE-2024-30191

A vulnerability has been identified in SCALANCE W1748-1 M12 6GK5748-1GY01-0AA0, SCALANCE W1748-1 M12 6GK5748-1GY01-0TA0, SCALANCE W1788-1 M12 6GK5788-1GY01-0AA0, SCALANCE W1788-2 EEC M12 6GK5788-2GY01-0TA0, SCALANCE W1788-2 M12 6GK5788-2GY01-0AA0, SCALANCE W1788-2IA M12 6GK5788-2HY01-0AA0, SCALAN...

CVE-2024-30191

CVE-2024-30191 (and related entries CVE-2022-47522 lineage) affects Siemens SCALANCE W700/W721/W722/W734/W738/W748/W761/W774/W778/W786/WAM/WUM/WUM766 family and similar models, describing an override of a victim’s security context in 802.11 frames. The root cause: an attacker physically nearby ca...

CVE-2024-30191

A vulnerability has been identified in SCALANCE W1748-1 M12 6GK5748-1GY01-0AA0, SCALANCE W1748-1 M12 6GK5748-1GY01-0TA0, SCALANCE W1788-1 M12 6GK5788-1GY01-0AA0, SCALANCE W1788-2 EEC M12 6GK5788-2GY01-0TA0, SCALANCE W1788-2 M12 6GK5788-2GY01-0AA0, SCALANCE W1788-2IA M12 6GK5788-2HY01-0AA0, SCALAN...

CVE-2024-30191

A vulnerability has been identified in SCALANCE W1748-1 M12 6GK5748-1GY01-0AA0, SCALANCE W1748-1 M12 6GK5748-1GY01-0TA0, SCALANCE W1788-1 M12 6GK5788-1GY01-0AA0, SCALANCE W1788-2 EEC M12 6GK5788-2GY01-0TA0, SCALANCE W1788-2 M12 6GK5788-2GY01-0AA0, SCALANCE W1788-2IA M12 6GK5788-2HY01-0AA0, SCALAN...

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

CVE-2024-26800

The CVE-2024-26800 entry concerns a Linux kernel TLS use-after-free in backlog decryption. Root cause: when crypto_aead_decrypt returns -EBUSY (not EINPROGRESS), tls_do_decryption waits for async decryptions, but if any completes with a failure, the code releases pages that may still be held by a...

ROS-20240404-08

Vulnerability of GnuTLS transport layer cryptographic library is related to difference of response time when processing RSA ciphertext in ClientKeyExchange message with correct and incorrect addition of PKCS1. PKCS1 padding. Exploitation of the vulnerability could allow an attacker acting remotel...

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...