
14 matches found

OSV
added 2026/04/27 6:33 p.m., 2 views

JLSEC-2026-221 Integer Overflow in openssl-src

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

CVSS 7.5 | AI score 6.3 | EPSS 0.00463
Exploits: 0 | References: 27
RedHat Linux
added 2021/11/30 2:28 p.m., 4 views

openssl: integer overflow in CipherUpdate

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

CVSS 7.5 | AI score 6.9 | EPSS 0.00463
Exploits: 0 | References: 5
RedHat Linux
added 2020/04/14 5:54 p.m., 2 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

CVSS 8.8 | AI score 7.2 | EPSS 0.00939
Exploits: 0 | References: 6
RedHat Linux
added 2020/04/07 9:35 a.m., 1 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

CVSS 8.8 | AI score 7.2 | EPSS 0.00939
Exploits: 0 | References: 6
RedHat Linux
added 2020/04/01 8:39 a.m., 1 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

CVSS 8.8 | AI score 7.2 | EPSS 0.00939
Exploits: 0 | References: 6
RedHat Linux
added 2020/02/11 8:35 a.m., 2 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

CVSS 8.8 | AI score 7.2 | EPSS 0.00939
Exploits: 0 | References: 6
OSV
added 2020/01/08 8:15 p.m., 2 views

DEBIAN-CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

CVSS 8.8 | AI score 6.5 | EPSS 0.00939
Exploits: 0 | References: 1
RedHat Linux
added 2019/12/10 12:25 p.m., 2 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

CVSS 8.8 | AI score 7.2 | EPSS 0.00939
Exploits: 0 | References: 6
RedHat Linux
added 2019/12/09 1:48 p.m., 1 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

CVSS 8.8 | AI score 7.2 | EPSS 0.00939
Exploits: 0 | References: 6
OSV
added 2019/11/25 12:0 a.m., 1 views

UBUNTU-CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

CVSS 8.8 | AI score 6.7 | EPSS 0.00939
Exploits: 0 | References: 11
RedHat Linux
added 2016/10/18 7:8 a.m., 2 views

openssl: EVP_EncryptUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of t...

CVSS 7.5 | AI score 7.8 | EPSS 0.68451
Exploits: 1 | References: 5
RedHat Linux
added 2016/10/12 4:57 p.m., 3 views

openssl: EVP_EncryptUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of t...

CVSS 7.5 | AI score 7.8 | EPSS 0.68451
Exploits: 1 | References: 5
RedHat Linux
added 2016/08/22 6:7 p.m., 3 views

openssl: EVP_EncryptUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of t...

CVSS 7.5 | AI score 7.8 | EPSS 0.68451
Exploits: 1 | References: 5
OSV
added 2016/05/03 12:0 a.m., 1 views

UBUNTU-CVE-2016-2106

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data...

CVSS 7.5 | AI score 7 | EPSS 0.68451
Exploits: 1 | References: 4