382 matches found
nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36)
A use-after-free flaw was found in the way NSS processed certain DER Distinguished Encoding Rules encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause th...
nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36)
A use-after-free flaw was found in the way NSS processed certain DER Distinguished Encoding Rules encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause th...
DEBIAN-CVE-2016-1979
Use-after-free vulnerability in the PK11ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services NSS before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data...
libldb: remote memory read in the Samba LDAP server
A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server...
CentOS Update for libipa_hbac CESA-2015:2019 centos6
Check the version of libipahbac SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882323";...
The vulnerability of the GnuTLS library, which allows a hacker to cause a service failure
The vulnerability of the GnuTLS library is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure by submitting an excessively long DistinguishedName DN parameter...
DEBIAN-CVE-2015-6251
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName DN entry in a certificate...
UBUNTU-CVE-2015-6251
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName DN entry in a certificate...
UBUNTU-CVE-2015-0971
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service crash via vectors related to SSL/TLS certificates...
Suricata DER Denial of Service Vulnerability
Suricata is a network intrusion detection system, intrusion prevention system and network security monitoring engine. Suricata suffers from an integer overflow error when processing DER-encoded data, allowing an attacker to exploit the vulnerability to submit a special request for a...
nss: QuickDER decoder length issue
The definitelengthdecoder function in lib/util/quickder.c in Mozilla Network Security Services NSS before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long...
[SECURITY] Fedora 21 Update: libtasn1-4.4-1.fc21
A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding func tions...
[SECURITY] Fedora 20 Update: libtasn1-3.8-3.fc20
A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding func tions...
OpenJDK: DER decoder infinite loop (Security, 8059485)
A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...
OpenJDK: DER decoder infinite loop (Security, 8059485)
A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...
OpenJDK: DER decoder infinite loop (Security, 8059485)
A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...
OpenJDK: DER decoder infinite loop (Security, 8059485)
A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...
OpenJDK: DER decoder infinite loop (Security, 8059485)
A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...
OpenJDK: DER decoder infinite loop (Security, 8059485)
A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...
DEBIAN-CVE-2014-1569
The definitelengthdecoder function in lib/util/quickder.c in Mozilla Network Security Services NSS before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long...