
16 matches found

Tenable Nessus
added 2026/01/19 12:0 a.m., 3 views

MiracleLinux 3 : bind-9.3.3-10.5AXS3 (AXSA:2009-15:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-15:01 advisory. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names t...

CVSS 6.8, AI score 8.4, EPSS 0.00961
Exploits: 1, References: 2
CNNVD
added 2023/10/26 12:0 a.m., 3 views

browserify-sign Data Forgery Issue Vulnerability

browserify-sign is a package for replicating the node encryption public key function. A security vulnerability exists in browserify-sign, which stems from a faulty ceiling check in the dsaVerify function that allows an attacker to successfully verify a signature with any public key, leading to a...

CVSS 7.5, AI score 8.6, EPSS 0.00433
Exploits: 0, References: 8
SUSE CVE
added 2023/02/15 5:4 a.m., 2 views

SUSE CVE-2016-3959

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client...

CVSS 7.5, AI score 8.4, EPSS 0.0247
Exploits: 0, References: 3
Snyk
added 2022/05/24 8:14 p.m., 1 views

Uncaught Exception

Overview std/crypto/dsa is a Go standard library package std/crypto/dsa Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: via the dsa.Verify function. An attacker can cause a panic and potentially crash the application by submitting a crafted DSA...

CVSS 8.7, AI score 9, EPSS 0.0234
Exploits: 1, References: 3
OpenVAS
added 2021/04/19 12:0 a.m., 32 views

SUSE: Security Advisory (SUSE-SU-2018:2089-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.7, AI score 6.3, EPSS 0.00296
Exploits: 1, References: 6
RedHat Linux
added 2020/02/04 1:21 p.m., 2 views

golang: invalid public key causes panic in dsa.Verify

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...

CVSS 7.5, AI score 7.3, EPSS 0.0234
Exploits: 1, References: 5
RedHat Linux
added 2020/01/14 8:45 a.m., 4 views

golang: invalid public key causes panic in dsa.Verify

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...

CVSS 7.5, AI score 7.3, EPSS 0.0234
Exploits: 1, References: 5
Tenable Nessus
added 2018/11/26 12:0 a.m., 33 views

SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2018:2452-2)

This update for libgcrypt fixes the following issues : The following security vulnerability was addressed : CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed: Extended the fipsdrv dsa-sign and dsa-verify...

CVSS 4.7, AI score 6, EPSS 0.00296
Exploits: 1, References: 6
OPENSUSE Linux
added 2018/08/03 9:7 p.m., 77 views

Security update for libgcrypt (moderate)

This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-veri...

AI score 1.8, EPSS 0.00296
Exploits: 1, References: 3
OSV
added 2016/05/23 7:59 p.m., 1 views

AZL-79052 CVE-2016-3959 affecting package golang 1.25.7-1

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client...

CVSS 7.5, AI score 6.8, EPSS 0.0247
Exploits: 0, References: 1
OSV
added 2009/01/15 5:30 p.m., 2 views

DEBIAN-CVE-2009-0129

libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...

CVSS 5, AI score 9.3, EPSS 0.00075
Exploits: 2, References: 1
OSV
added 2009/01/15 5:30 p.m., 7 views

CVE-2009-0129

libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...

AI score 7.5
Exploits: 0, References: 2
Positive Technologies
added 2009/01/15 12:0 a.m., 2 views

PT-2009-2823 · Openssl +2 · Openssl +2

Name of the Vulnerable Software and Affected Versions: Erlang (affected versions not specified). Description: The issue is related to the improper checking of the return value from the OpenSSL DSA_do_verify function in the Erlang crypto_drv.c module. This might allow remote attackers to bypass...

CVSS 7.5, AI score 6.4, EPSS 0.00056
Exploits: 2, References: 10
Positive Technologies
added 2009/01/15 12:0 a.m., 2 views

PT-2009-2819 · Tenable +1 · Nessus Attack Scripting Language Library +1

Name of the Vulnerable Software and Affected Versions: Nessus Attack Scripting Language library (aka libnasl) version 2.2.11. Description: The issue concerns a potential problem in the Nessus Attack Scripting Language library where the return value from the OpenSSL DSA_do_verify function is not...

CVSS 5, AI score 6.2, EPSS 0.00093
Exploits: 2, References: 8
OSV
added 2009/01/07 6:30 p.m., 5 views

CVE-2009-0050

Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...

AI score 7.5
Exploits: 0, References: 3
OSV
added 2009/01/07 6:30 p.m., 1 views

DEBIAN-CVE-2009-0050

Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...

CVSS 4.3, AI score 9.2, EPSS 0.00147
Exploits: 1, References: 1