18 matches found
Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Inefficient Algorithmic Complexity (CVE-2024-12243)
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...
python-cryptography: NULL-dereference when loading PKCS7 certificates
A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "loadpempkcs7certificates" or "loadderpkcs7certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service DoS for any...
AZL-56762 CVE-2024-12243 affecting package gnutls for versions less than 3.8.3-4
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...
ALPINE-CVE-2024-12243
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...
python-cryptography: NULL-dereference when loading PKCS7 certificates
A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "loadpempkcs7certificates" or "loadderpkcs7certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service DoS for any...
GHSA-JFHM-5GHH-2F97 cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
Summary Calling loadpempkcs7certificates or loadderpkcs7certificates could lead to a NULL-pointer dereference and segfault. PoC Here is a Python code that triggers the issue: python from cryptography.hazmat.primitives.serialization.pkcs7 import loadderpkcs7certificates, loadpempkcs7certificates...
SUSE: Security Advisory (SUSE-SU-2016:1601-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : libtasn1 (SUSE-SU-2016:1601-1)
This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser bsc961491 - CVE-2015-3622: Fixed invalid read in octet string decoding bsc929414 - CVE-2016-4008: Fixed infinite loop while parsing DER...
SUSE SLES11 Security Update : libtasn1 (SUSE-SU-2016:1600-1)
This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser bsc961491 - CVE-2015-3622: Fixed invalid read in octet string decoding bsc929414 - CVE-2016-4008: Fixed infinite loop while parsing DER...
SUSE-SU-2016:1600-1 Security update for libtasn1
This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser bsc961491 - CVE-2015-3622: Fixed invalid read in octet string decoding bsc929414 - CVE-2016-4008: Fixed infinite loop while parsing DER certificat...
openSUSE Security Update : libtasn1 (openSUSE-2016-716)
This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser bsc961491 - CVE-2015-3622: Fixed invalid read in octet string decoding bsc929414 - CVE-2016-4008: Fixed infinite loop while parsing DER...
DLA-495-1 libtasn1-3 - security update
Bulletin has no description...
MGASA-2016-0170 Updated libtasn1 package fixes security vulnerability
Updated libtasn1 packages fix security vulnerability: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service...
Updated libtasn1 package fixes security vulnerability
Updated libtasn1 packages fix security vulnerability: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service...
Ubuntu 16.04 LTS : Libtasn1 vulnerability (USN-2957-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2957-2 advisory. USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the preceding description...
USN-2957-2: Libtasn1 vulnerability
USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue...
FreeBSD : libtasn1 -- denial of service parsing malicious DER certificates (1b0d2938-0766-11e6-94fa-002590263bf5)
GNU Libtasn1 NEWS reports : Fixes to avoid an infinite recursion when decoding without the ASN1DECODEFLAGSTRICTDER flag. Reported by Pascal Cuoq. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...
libtasn1 -- denial of service parsing malicious DER certificates
GNU Libtasn1 NEWS reports: Fixes to avoid an infinite recursion when decoding without the ASN1DECODEFLAGSTRICTDER flag. Reported by Pascal Cuoq...