Rocky Linux 8 : edk2 (RLSA-2021:4198)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4198 advisory. - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close ...

NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2022-0017)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is clo...

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2022-1059)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2021-2785)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : openssl (EulerOS-SA-2021-2416)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is...

EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2021-2417)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length...

Integer Overflow in openssl-src

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

GHSA-QGM6-9472-PWQ7 Integer Overflow in openssl-src

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2021-2032)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial...

EulerOS 2.0 SP5 : openssl (EulerOS-SA-2021-1907)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is...

Integer overflow in CipherUpdate

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2021-1740)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial...

Medium: openssl11

Issue Overview: Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1...

Denial Of Service (DoS)

openssl is vulnerable to denial of service. Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from t...

CVE-2021-23840

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

CVE-2021-23840

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

CVE-2021-23840

CVE-2021-23840 describes an integer-length overflow in EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate that can cause a negative output length value when input length is near the platform’s integer limit. This can lead to application crashes or incorrect behavior. Affected OpenSSL rele...

cryptofuzz:cryptofuzz-openssl-noasm: Use-of-uninitialized-value in EVP_DecryptUpdate

Project: https://github.com/guidovranken/cryptofuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5736062923571200 Project: cryptofuzz Fuzzing Engine: libFuzzer Fuzz Target: cryptofuzz-openssl-noasm Job Type: libfuzzermsancryptofuzz Platform Id: linux Crash Type: Use-of-uninitialized-val...