CVE-2024-23357 NULL Pointer Dereference in HLOS

Transient DOS while importing a PKCS8-encoded RSA key with zero bytes modulus...

CVE-2024-23357 NULL Pointer Dereference in HLOS

Transient DOS while importing a PKCS8-encoded RSA key with zero bytes modulus...

PT-2024-19836 · Qualcomm · 215 Mobile Platform Firmware +212

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves a transient Denial of Service DOS that occurs when importing a PKCS8-encoded RSA key with a modulus containing zero bytes. Recommendations: At the moment, there is no...

CLSA-2024-1718639881 openssl: Fix of 2 CVEs

CVE-2023-5678: Fix that DHcheckpubkey and DHgeneratekey don't check large modulus - CVE-2023-3446: Fix that checking excessively long DH keys or parameters may be very slow...

DEBIAN-CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

AZL-42063 CVE-2024-4603 affecting package edk2 for versions less than 20240524git3e722403cd16-8

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

AZL-47684 CVE-2024-4603 affecting package hvloader for versions less than 1.0.1-6

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

UBUNTU-CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

CVE-2024-4603

The CVE-2024-4603 issue in OpenSSL causes excessive time to check DSA keys/parameters via EVP_PKEY_param_check() or EVP_PKEY_public_check(), potentially leading to Denial of Service when inputs are from untrusted sources. The impact affects OpenSSL 3.0 and 3.1 FIPS providers and can manifest when...

OpenSSL 3.3.0 < 3.3.1 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.3.1 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the function...

openssl: Excessive time spent checking invalid RSA public keys

A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large...

openSUSE: Security Advisory for openssl (SUSE-SU-2023:2962-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

gnutls security update

3.6.16-8.1fips - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 Orabug: 33200526 - Allow bigger known RSA modulus sizes when calling rsageneratefips1864keypair directly Orabug: 33200526 - Change Epoch from 1 to 10...

SUSE CVE-2023-6237

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2023-3089)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the...

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2023-2941)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact...

EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2023-3075)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact...

EulerOS 2.0 SP8 : openssl (EulerOS-SA-2023-3141)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Application...

CLSA-2023-1700593692 Fix CVE(s): CVE-2023-3446

SECURITY UPDATE: Denial of service could be encountered if a DH key or DH parameters check experience long delays. - debian/patches/CVE-2023-3446.patch: Adds check to prevent the testing of an excessively large modulus in DHcheck. - CVE-2023-3446...

CLSA-2023-1700593531 Fix CVE(s): CVE-2023-3446

SECURITY UPDATE: Denial of service could be encountered if a DH key or DH parameters check experience long delays. - debian/patches/CVE-2023-3446.patch: Adds check to prevent the testing of an excessively large modulus in DHcheck. - CVE-2023-3446...