ASN1C 'asn1f_lookup_symbol_impl' function denial of service vulnerability

ASN1C is an open source ASN.1 Abstract Syntax Notation compiler that enables a variety of codecs such as BER, DER and PER. A security vulnerability exists in the 'asn1flookupsymbolimpl' function in the asn1fixretrieve.c file of libasn1fix.a in ASN1C version 0.9.28. A remote attacker can exploit...

GNU Libtasn1 '_asn1_check_identifier' Denial of Service Vulnerability

Libtasn1 is the ASN.1 library used by GnuTLS. A denial of service vulnerability exists in GNU Libtasn1 'asn1checkidentifier'. The vulnerability stems from the asn1checkidentifier function reading specially designed input, which can be exploited by an attacker to cause a remote denial of service...

UBUNTU-CVE-2017-10790

The asn1checkidentifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1node structure. It may lead to a remote denial of service attack...

LibSass 'json_mkstream()' function heap buffer overflow vulnerability

LibSass is an open source written in C using Sass CSS extension language parser . A heap buffer overflow vulnerability exists in the 'jsonmkstream' function of the sasscontext.cpp file in LibSass version 3.4.5. A remote attacker can exploit this vulnerability to cause a denial of service heap...

GitLab: SSRF vulnerability in gitlab.com via project import.

Dear GitLab bug bounty team, Summary --- It appears as though the fix to !17286 can be easily bypassed. You have blocked the usage of http://127.0.0.1, http://localhost/, etc., but http://0177.1/ and http://0x7f.1/, for instance, can still be used to scan internal ports. Error importing repositor...

openssl: ASN.1 BIO handling of large amounts of data

A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO OpenSSL's I/O abstraction inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data...

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

openssl: ASN.1 BIO handling of large amounts of data

A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO OpenSSL's I/O abstraction inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data...

DEBIAN-CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

Centralized IPTables Firewall Control Script: CFC

Centralized IPTables Firewall Control Script Centralized firewall control provides a centralized way to manage the firewall on multiple servers or loadbalancers running iptables. This way you can quickly allow/block/del/search abuse ranges etc. with one command on several servers. It accesses tho...

ESnet iPerf3 Heap Buffer Overflow Vulnerability

ESnet iPerf3 is a set of tools for testing maximum bandwidth in IP networks. A heap buffer overflow vulnerability exists in the JSON handling feature of Esnet iperf version 3.1.1. A remote attacker can exploit this vulnerability to cause a heap buffer overflow with a specially crafted JSON string...

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

USN-2976-1 linux-lts-utopic vulnerability

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privilege...

openssl: ASN.1 BIO handling of large amounts of data

A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO OpenSSL's I/O abstraction inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data...

DEBIAN-CVE-2015-8863

Off-by-one error in the tokenadd function in jvparse.c in jq allows remote attackers to cause a denial of service crash via a long JSON-encoded number, which triggers a heap-based buffer overflow...

Jansson Denial of Service Vulnerability

Jansson is a C language library for encoding, decoding and generating JSON data . Jansson processing special json file has a security vulnerability , allowing remote attackers can build special json file for denial of service attacks...

OpenSSL ASN.1 BIO Memory Overallocation Vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. A memory...

Mozilla Network Security Services Buffer Overflow Vulnerability

Mozilla Network Security Services is a library that provides cross-platform support for SSL, S/MIME and other Internet security standards. A buffer overflow vulnerability in the parsing of ASN.1 structures by Mozilla Network Security Services could be exploited by a remote attacker to construct a...

Wireshark ASN.1 BER Parser Denial of Service Vulnerability

Wireshark is the most popular network protocol parser. A denial of service vulnerability exists in the Wireshark ASN.1 BER parser, which can be exploited by an attacker to cause a denial of service out-of-bounds read and application crash...