Ubuntu: Security Advisory (USN-1451-1)
The remote host is missing an update for the...
How to Break Google Chrome in Six Easy Steps
Browsers are a really nice target for attackers of all stripes and skill levels. But, unless you’re a savant or have just landed here from the future, you may want to take a pass on going after Google Chrome, judging by the insane level of effort and skill that an anonymous security researcher ha...
Debian DSA-2475-1 : openssl - integer underflow
It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash)...
[SECURITY] [DSA 2475-1] openssl security update
Debian Security Advisory DSA-2475-1 [email protected] http://www.debian.org/security/ Raphael Geissert May 17, 2012 http://www.debian.org/security/faq ...
DSA-2475-1 openssl - integer underflow
Bulletin has no description...
DEBIAN-CVE-2012-2333
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is no...
CVE-2012-2333
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is no...
CVE-2012-2333
CVE-2012-2333: OpenSSL contains an integer underflow in CBC mode when TLS 1.1/1.2 or DTLS is used, enabling a remote DoS or buffer over-read. Affected versions are OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c. The issue arises from incorrect explicit IV calculation and can ...
OpenSSL 1.0.0 < 1.0.0j Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.0j. It is, therefore, affected by a vulnerability as referenced in the 1.0.0j advisory. - Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC...
OpenSSL 1.0.1 < 1.0.1c Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.1c. It is, therefore, affected by a vulnerability as referenced in the 1.0.1c advisory. - Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC...
Vulnerability in OpenSSL - Invalid TLS/DTLS record attack
An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled TLS 1.1, TLS 1.2, and DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious TLS 1.1, TLS 1.2, or DTLS client or...
RealNetworks RealPlayer MPG Width Integer Underflow Memory Corruption (CVE-2011-4259)
A memory corruption vulnerability has been reported in RealNetworks RealPlayer. The vulnerability is due to an integer underflow condition caused while handling MPEG-2 files with a specially crafted width parameter. A remote attacker may exploit this issue by enticing a target user to open a...
CVE-2011-4031
Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet...
CVE-2011-4031
CVE-2011-4031 affects FFmpeg/libavformat: an integer underflow in asfrtp_parse_packet (rtpdec_asf.c) allows remote code execution via a crafted ASF packet. Impacted software is FFmpeg before 0.8.3; the vulnerability is fixed in 0.8.3. Related advisories (Ubuntu USN, Red Hat, NVD) confirm the issu...