21 matches found
CVE-2019-16747
In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free leading to memory corruption and a daemon crash via a crafted incoming network message, a different vulnerability than CVE-2019-14431...
EUVD-2019-7287
Malware in sbrugna...
EUVD-2019-5630
Malware in sbrugna...
EUVD-2022-38299
Malicious code in bioql PyPI...
CVE-2019-14431
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...
openSUSE 15 Security Update : mbedtls (openSUSE-SU-2022:10247-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10247-1 advisory. - An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an...
CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...
Heap overflow
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...
CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...
CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...
CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...
CVE-2019-16747
In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free leading to memory corruption and a daemon crash via a crafted incoming network message, a different vulnerability than CVE-2019-14431...
CVE-2019-16747
In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free leading to memory corruption and a daemon crash via a crafted incoming network message, a different vulnerability than CVE-2019-14431...
CVE-2019-14431
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...
CVE-2019-14431
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...
CVE-2019-14431
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3513, CVE-2014-3567)
Summary: There are multiple vulnerabilities in OpenSSL, which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors. These issues were disclosed on October 15, 2014 by the OpenSSL Project. Vulnerability Details: CVE-ID: CVE-2014-3513 DESCRIPTION: OpenSSL is vulnerable to a...
Amazon Linux AMI : openssl (ALAS-2014-427)
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513) A memory leak flaw was...
Denial Of Service Vulnerability in OpenSSL (Jun 2009) - Linux
OpenSSL is prone to a Denial of Service (DoS) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...
Vulnerability in OpenSSL CVE-2009-1386
Fix a NULL pointer dereference if a DTLS server received ChangeCipherSpec as first record. A remote attacker could use this flaw to cause a DTLS server to crash. Found by Alex Lam...