41 matches found
SUSE CVE-2015-5333
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates...
SUSE CVE-2015-5334
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...
OpenSSL Multiple Vulnerabilities (20140806 - 1) - Windows
OpenSSL is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2015-5333
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates...
Memory corruption
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates...
CVE-2015-5334
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...
Stack overflow
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...
CVE-2015-5333
CVE-2015-5333 affects LibreSSL prior to 2.3.1. A memory leak in OBJ_obj2txt can be triggered by a large number of ASN.1 object identifiers in X.509 certificates, enabling a remote attacker to cause denial of service via memory consumption. Public sources in the connected documents consistently de...
CVE-2015-5333
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates...
CVE-2015-5334
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...
CVE-2015-5334
CVE-2015-5334 is described in CNVD as an off-by-one buffer overflow in LibreSSL’s OBJ_obj2txt() that can be triggered by a crafted X.509 certificate, potentially causing a denial of service or remote code execution. The flaw is attributed to an incorrect fix for CVE-2014-3508. The initial CVE ent...
EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-2509)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared...
Internet Bug Bounty: OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
The function TS_OBJ_print_bio misuses OBJ_obj2txt: the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented. refer: https://www.openssl.org/news/secadv/20160922.txt...
Information Disclosure
OpenSSL is vulnerable to information disclosure. When pretty printing through the OBJ_obj2txt function in crypto/objects/objdat.c, it is possible for attackers to read from the process stack memory. This is caused because OpenSSL does not ensure the presence of \0 characters...
The vulnerability of the OpenSSL software allows a malicious attacker to compromise the confidentiality of protected information.
The vulnerability exists in the OBJ_obj2txt function in crypto/objects/objdat.c of OpenSSL. This vulnerability arises due to the absence of the '\0' character. Exploiting this vulnerability allows attackers to access confidential information from the stack memory of the process, by using the outpu...
LibreSSL -- Memory leak and buffer overflow
Qualys reports: During the code review of OpenSMTPD a memory leak and buffer overflow (an off-by-one, usually stack-based) were discovered in LibreSSL's OBJ_obj2txt function. This function is called automatically during a TLS handshake both client-side, unless an anonymous mode is used, and...
openssl: information leak in pretty printing functions
It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory...
openssl: information leak in pretty printing functions
It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory...
CVE-2014-3508
The OBJ_obj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...
CVE-2014-3508
The OBJ_obj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...