45 matches found
CVE-2026-39829
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...
EUVD-2019-7924
Malware in sbrugna...
Amazon Linux 2 : golang, --advisory ALAS2-2024-2545 (ALAS-2024-2545)
The version of golang installed on the remote host is prior to 1.13.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2545 advisory. Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key...
Amazon Linux AMI : golang (ALAS-2024-1938)
The version of golang installed on the remote host is prior to 1.13.4-1.57. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1938 advisory. Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public...
Siemens SCALANCE OpenSSL NULL Pointer Dereference (CVE-2023-0217)
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...
openssl security update
3.0.1-47.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-47 - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEMreadbioex Resolves: CVE-2022-4450 - Fixed...
openssl security and bug fix update
3.0.1-47.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-47 - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEMreadbioex Resolves: CVE-2022-4450 - Fixed...
ALSA-2023:0946 Moderate: openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: read buffer overflow in X.509 certificate verification CVE-2022-4203 openssl: timing attack in RS...
K000132765: OpenSSL vulnerabilities CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401
Security Advisory Description CVE-2022-4203 A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or...
K000132537: OpenSSL vulnerabilities CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401
Security Advisory Description CVE-2022-4203 A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or...
GHSA-VXRH-CPG7-8VJR openssl-src subject to NULL dereference validating DSA public key
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...
CVE-2023-0217
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...
Null pointer dereference
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...
CVE-2023-0217
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...
CVE-2023-0217 NULL dereference validating DSA public key
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...
CVE-2023-0217 NULL dereference validating DSA public key
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...
CVE-2023-0217 NULL dereference validating DSA public key
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...
CVE-2023-0217
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...
CVE-2023-0217
A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function, most likely leading to an application crash. This function can be called on public keys supplied from untrusted...
RUSTSEC-2023-0012 `NULL` dereference validating DSA public key
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...