21 matches found

Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-27354

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing a...

CVSS 7.5 | AI score 7.2 | EPSS 0.00269
Exploits: 0 | References: 2

Friends Of PHP
added 2024/03/02 12:31 a.m. | 24 views

phpseclib a large prime can cause a denial of service

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2528-jw5q-ww88. This link is maintained to preserve external references. Original Description: An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can...

CVSS 7.5 | AI score 7 | EPSS 0.00269
Exploits: 0 | Affected Software: 1

OSV
added 2024/03/02 12:31 a.m. | 44 views

GHSA-HG35-MP25-QF6H Duplicate Advisory: phpseclib: guardrails needed on isPrime and randomPrime

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2528-jw5q-ww88. This link is maintained to preserve external references. Original Description: An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can...

CVSS 8.7 | AI score 7 | EPSS 0.00204
Exploits: 0 | References: 11

Github Security Blog
added 2024/03/02 12:31 a.m. | 24 views

Duplicate Advisory: phpseclib: guardrails needed on isPrime and randomPrime

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2528-jw5q-ww88. This link is maintained to preserve external references. Original Description: An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can...

AI score 7
Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2024/03/01 11:15 p.m. | 1 views

DEBIAN-CVE-2024-27354

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when...

CVSS 7.5 | AI score 7.2 | EPSS 0.00204
Exploits: 0 | References: 1

OSV
added 2024/03/01 11:15 p.m. | 0 views

UBUNTU-CVE-2024-27354

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when...

CVSS 7.5 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 4

CNNVD
added 2024/03/01 12:0 a.m. | 1 views

phpseclib security vulnerability

phpseclib is a PHP secure communication library open-sourced by phpseclib. A security vulnerability exists in phpseclib versions prior to 1.0.23, 2.0.47, and 3.0.36, which stems from a denial of service that allows an attacker to construct an incorrectly-formatted certificate containing a very...

CVSS 7.5 | AI score 6.7 | EPSS 0.00204
Exploits: 0 | References: 4

Vulnrichment
added 2024/03/01 12:0 a.m. | 15 views

CVE-2024-27354

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when...

AI score 6.7 | EPSS 0.00204
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 4:34 a.m. | 1 views

SUSE CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS 5.3 | AI score 6.6 | EPSS 0.78382
Exploits: 0 | References: 72

RedHat Linux
added 2019/05/30 2:57 p.m. | 3 views

openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS 7.5 | AI score 6.6 | EPSS 0.78382
Exploits: 0 | References: 5

RedHat Linux
added 2019/05/30 2:48 p.m. | 3 views

openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS 7.5 | AI score 6.6 | EPSS 0.78382
Exploits: 0 | References: 5

OSV
added 2018/11/16 9:29 p.m. | 2 views

CVE-2018-15769

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 in 4.0.x series and versions prior to 4.1.6.2 in 4.1.x series contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is se...

CVSS 7.5 | AI score 7.3 | EPSS 0.01484
Exploits: 0 | References: 8

Oracle linux
added 2018/11/05 12:0 a.m. | 517 views

openssl security, bug fix, and enhancement update

1.0.2k-16.0.1 - sha256 is used for the RSA pairwise consistency test instead of sha1 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on FIPS DSA parameter generation 1603597 1.0.2k-14 - ppc64le is not multilib architecture 1585004...

CVSS 7.5 | AI score 2.1 | EPSS 0.78382
Exploits: 1

RedHat Linux
added 2018/08/22 9:15 p.m. | 3 views

openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS 7.5 | AI score 6.6 | EPSS 0.78382
Exploits: 0 | References: 5

Tenable Nessus
added 2018/06/27 12:0 a.m. | 56 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3692-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3692-1 advisory. Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perfor...

CVSS 7.5 | AI score 6.5 | EPSS 0.78382
Exploits: 1 | References: 4

Ubuntu
added 2018/06/26 2:6 p.m. | 87 views

USN-3692-2: OpenSSL vulnerabilities

USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and...

CVSS 7.5 | AI score 6.6 | EPSS 0.78382
Exploits: 1

OSV
added 2018/06/12 1:29 p.m. | 1 views

DEBIAN-CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS 7.5 | AI score 9 | EPSS 0.78382
Exploits: 0 | References: 1

OSV
added 2018/06/12 1:29 p.m. | 1 views

ALPINE-CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS 7.5 | AI score 8.8 | EPSS 0.78382
Exploits: 0 | References: 1

Cvelist
added 2018/06/12 1:0 p.m. | 24 views

CVE-2018-0732 Client DoS due to large DH parameter

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

AI score 7.7 | EPSS 0.78382
Exploits: 0 | References: 37

OSV
added 2018/06/12 12:0 a.m. | 1 views

UBUNTU-CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS 7.5 | AI score 6.7 | EPSS 0.78382
Exploits: 0 | References: 5