USN-7278-1 openssl vulnerabilities

George Pantelakis and Alicja Kario discovered that OpenSSL had a timing side-channel when performing ECDSA signature computations. A remote attacker could possibly use this issue to recover private data. CVE-2024-13176 It was discovered that OpenSSL incorrectly handled certain memory operations...

OESA-2024-2386 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to...

DEBIAN-CVE-2024-9143

Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

CVE-2024-9143

Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

OpenSSL -- OOB memory access vulnerability

The OpenSSL project reports: Low-level invalid GF2^m parameters lead to OOB memory access CVE-2024-9143 Low Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...