RUSTSEC-2026-0104 Reachable panic in certificate revocation list parsing

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::fromder or OwnedCertRevocationList::fromder. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

Reachable panic in certificate revocation list parsing

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::fromder or OwnedCertRevocationList::fromder. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

PT-2026-34530

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::from der or OwnedCertRevocationList::from der. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

SUSE CVE-2008-3963

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' b single-quote single-quote token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service daemon crash by using this token in a SQL statement...

SUSE CVE-2015-5726

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service application crash via an empty BIT STRING in ASN.1 data...

UBUNTU-CVE-2015-5726

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service application crash via an empty BIT STRING in ASN.1 data...

MySQL: Using an empty binary value leads to server crash

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' b single-quote single-quote token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service daemon crash by using this token in a SQL statement...

MySQL: Using an empty binary value leads to server crash

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' b single-quote single-quote token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service daemon crash by using this token in a SQL statement...

USN-671-1: MySQL vulnerabilities

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL...