74 matches found
CVE-2022-39829
There is a NULL pointer dereference in aes256encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVPCIPHERCTXnew...
AlmaLinux 8 : openssl (ALSA-2021:4424)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4424 advisory. - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to...
GHSA-84RM-QF37-FGC2 Integer Overflow in openssl-src
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
DEBIAN-CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
EulerOS Virtualization 3.0.6.6 : openssl098e (EulerOS-SA-2021-2044)
According to the versions of the openssl098e package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-1956)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-1935)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data...
EulerOS 2.0 SP5 : openssl111d (EulerOS-SA-2021-1909)
According to the versions of the openssl111d packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input lengt...
USN-4738-1: OpenSSL vulnerabilities
Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2021-23840 Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer...
Vulnerability in OpenSSL - Integer overflow in CipherUpdate
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Null pointer deref in X509issuerandserialhash CVE-2021-23841Moderate The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to...
The vulnerability of the EVP_EncodeUpdate function (crypto/evp/encode.c) in the OpenSSL library, related to an error in processing numbers, allows a hacker to trigger a service failure.
The vulnerability of the EVPEncodeUpdate function in the OpenSSL library is related to errors in number processing. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the EVP_EncodeUpdate function (crypto/evp/evp_enc.c) in the OpenSSL library, related to an error in processing a number, allows a perpetrator to trigger a service failure.
The vulnerability of the EVPEncodeUpdate function crypto/evp/evpenc.c in the OpenSSL library is related to an error in processing numbers. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
Memory Corruption Vulnerability in HollySys HD2000 of Beijing Hollis Automation Drive Technology Co.
Founded in 1993, HOLLIS is an automation and information technology solution provider in China. Ltd. A memory corruption vulnerability exists in the HollySys HD2000, which can be exploited by an attacker to construct a malformed evp file that can cause the program to crash...
Memory Corruption Vulnerability in HollySys HD2000 (CNVD-2020-18679) at Beijing Helisys Automation Drive Technology Co.
Founded in 1993, HOLLIS is an automation and information technology solution provider in China. A memory corruption vulnerability exists in HollySys HD2000, which can be exploited by an attacker to construct a malformed evp file that can cause the program to crash...
PT-2021-3610
Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.1i and below OpenSSL versions 1.0.2x and below Description The issue is related to the functions EVP CipherUpdate, EVP EncryptUpdate, and EVP DecryptUpdate in OpenSSL, which may overflow the output length argument when the...
openSUSE Security Update : libressl (openSUSE-2017-560)
This update for libressl to version 2.5.1 fixes the following issues : These security issues were fixed : - CVE-2016-0702: Prevent side channel attack on modular exponentiation boo968050. - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing...
openssl: EVP_EncodeUpdate overflow
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...
openssl: EVP_EncodeUpdate overflow
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...
openssl: EVP_EncodeUpdate overflow
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...