16 matches found
Debian Security Advisory DSA 3688-1 (nss - security update)
Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of da...
Fedora 21 : suricata-2.0.8-1.fc21 (2015-7886)
This update fixes a bug in the DER parser, which is used to decode SSL/TLS certificates, that could crash Suricata. Also, those processing large numbers of untrusted pcap files need to update as a malformed pcap could crash Suricata. Note that Tenable Network Security has extracted the preceding...
Fedora 22 : suricata-2.0.8-1.fc22 (2015-7730)
This update fixes a bug in the DER parser, which is used to decode SSL/TLS certificates, that could crash Suricata. Also, those processing large numbers of untrusted pcap files need to update as a malformed pcap could crash Suricata. Note that Tenable Network Security has extracted the preceding...
CVE-2015-0971
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates...
DEBIAN-CVE-2015-0971
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates...
Code injection
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates...
CVE-2015-0971
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates...
CVE-2015-0971
CVE-2015-0971 affects Suricata’s DER parser used to decode SSL/TLS certificates. The vulnerability allows remote attackers to trigger a denial of service (crash) by sending crafted DER-encoded data, impacting Suricata versions prior to 2.0.8. Several advisories and posts (including Debian DSA-325...
CVE-2015-0971
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates...
CVE-2015-0971
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates...
FreeBSD : suricata -- TLS/DER Parser Bug (DoS) (fe910ed6-f88d-11e4-9ae3-0050562a4d7b)
OISF Development Team reports: The OISF development team is pleased to announce Suricata 2.0.8. This release fixes a number of issues in the 2.0 series. The most important issue is a bug in the DER parser, which is used to decode SSL/TLS certificates, that could crash Suricata. This issue was reported ...
DSA-3254-1 suricata - security update
Bulletin has no description...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not...
CVE-2009-3876
CVE-2009-3876 affects Sun Java SE/JRE/JDK components. The vulnerability stems from the ASN.1 DER input stream parser failing to properly decode crafted DER-encoded data, allowing remote attackers to cause a denial of service via memory consumption. Affected products include Sun JRE/JDK 5.0 before...