8 matches found
net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
Summary: When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. Details: A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the...
GO-2022-1089 OctoRPKI crashes when max iterations is reached in github.com/cloudflare/cfrpki
OctoRPKI crashes when max iterations is reached in github.com/cloudflare/cfrpki...
Denial Of Service (DoS)
github.com/cloudflare/cfrpki is vulnerable to denial of service. The vulnerability exists because the validationLoop function in octorpki.go exceeds the max iterations parameter when creating long chains of CAs, allowing an attacker to crash the application...
CVE-2022-3616
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer...
CVE-2022-3616
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer...
CVE-2022-3616 OctoRPKI crash when maximum iterations number is reached
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer...
SUSE-SU-2020:3416-1 Security update for xen
This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 bsc1178591. Non-security issue fixed: - Adjusted help for --maxiters, default is 5 bsc1177950...
SUSE-SU-2020:3412-1 Security update for xen
This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 bsc1178591. Non-security issues fixed: - Updated to Xen 4.13.2 bug fix release bsc1027519. - Fixed a panic during MSI cleanup on AMD...