73 matches found
nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length. The highest threat from...
EulerOS 2.0 SP8 : nss-softokn (EulerOS-SA-2020-2523)
According to the versions of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This...
nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length. The highest threat from...
Design/Logic Flaw
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol SIP ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache...
UBUNTU-CVE-2020-12403
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length...
CVE-2020-12403
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length. The highest threat from...
CVE-2019-5096
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this reques...
CVE-2019-5097
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...
Denial of service
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...
CVE-2019-5097
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...
CVE-2019-5097
The CVE-2019-5097 entry documents a denial-of-service in the GoAhead web server’s handling of multipart/form-data. A specially crafted, unauthenticated HTTP request (GET or POST), targeting GoAhead versions v5.0.1, v4.1.1, and v3.6.5, can cause an infinite loop in the process, potentially impacti...
EmbedThis GoAhead web server denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated i...
EmbedThis GoAhead web server code execution vulnerability
Summary An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of thi...
Ruby on Rails: Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS
The multi-part body parsing in Rack and consequently Rails has a worse-than-linear performance relative to the number of parts in the request body. In small scale i.e. non-disruptive tests on a variety of Rails applications on the internet, including my own, GitHub.com, Heroku API, Instacart,...
[SECURITY] Fedora 27 Update: mimedefang-2.81-1.fc27
MIMEDefang is an e-mail filter program which works with Sendmail 8.12 and later. It filters all e-mail messages sent via SMTP. MIMEDefang splits multi-part MIME messages into their components and potentially deletes or modifies the various parts. It then reassembles the parts back into an e-mail...
Out-of-bounds
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet...
CVE-2017-9359
CVE-2017-9359 affects the PJProject/PJSIP multi-part body parser used by Asterisk Open Source (13.x prior to 13.15.1; 14.x prior to 14.4.1) and Certified Asterisk (and other products). The vulnerability arises in the body parser handling crafted packets, allowing remote attackers to cause a denia...
Asterisk Multiple DoS Vulnerabilities (May 2017)
Asterisk is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
FreeBSD : asterisk -- Buffer Overrun in PJSIP transaction layer (0537afa3-3ce0-11e7-bf9d-001999f8d30b)
The Asterisk project reports : A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...
asterisk -- Buffer Overrun in PJSIP transaction layer
The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...