Lucene search
K

41 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.2 views

SUSE CVE-2015-5333

Memory leak in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service memory consumption via a large number of ASN.1 object identifiers in X.509 certificates...

7.5CVSS8.3AI score0.01978EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.2 views

SUSE CVE-2015-5334

Off-by-one error in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service program crash or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...

9.8CVSS7AI score0.03489EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/07/19 12:0 a.m.32 views

OpenSSL Multiple Vulnerabilities (20140806 - 1) - Windows

OpenSSL is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5CVSS7.3AI score0.51436EPSS
Exploits0References1
NVD
NVD
added 2020/01/23 9:15 p.m.16 views

CVE-2015-5333

Memory leak in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service memory consumption via a large number of ASN.1 object identifiers in X.509 certificates...

7.5CVSS8.2AI score0.01978EPSS
Exploits1References4
Prion
Prion
added 2020/01/23 9:15 p.m.21 views

Memory corruption

Memory leak in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service memory consumption via a large number of ASN.1 object identifiers in X.509 certificates...

5CVSS6.9AI score0.01978EPSS
Exploits1References4Affected Software2
NVD
NVD
added 2020/01/23 8:15 p.m.27 views

CVE-2015-5334

Off-by-one error in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service program crash or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...

9.8CVSS6.8AI score0.03489EPSS
Exploits1References5
Prion
Prion
added 2020/01/23 8:15 p.m.32 views

Stack overflow

Off-by-one error in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service program crash or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...

7.5CVSS8AI score0.23292EPSS
Exploits1References5Affected Software2
CVE
CVE
added 2020/01/23 8:12 p.m.106 views

CVE-2015-5333

CVE-2015-5333 affects LibreSSL prior to 2.3.1. A memory leak in OBJ_obj2txt can be triggered by a large number of ASN.1 object identifiers in X.509 certificates, enabling a remote attacker to cause denial of service via memory consumption. Public sources in the connected documents consistently de...

7.5CVSS7.9AI score0.01978EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/01/23 8:12 p.m.20 views

CVE-2015-5333

Memory leak in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service memory consumption via a large number of ASN.1 object identifiers in X.509 certificates...

8.1AI score0.01978EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/01/23 7:56 p.m.23 views

CVE-2015-5334

Off-by-one error in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service program crash or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...

6.9AI score0.03489EPSS
Exploits1References5
CVE
CVE
added 2020/01/23 7:56 p.m.140 views

CVE-2015-5334

CVE-2015-5334 is described in CNVD as an off-by-one buffer overflow in LibreSSL’s OBJ_obj2txt() that can be triggered by a crafted X.509 certificate, potentially causing a denial of service or remote code execution. The flaw is attributed to an incorrect fix for CVE-2014-3508. The initial CVE ent...

9.8CVSS7AI score0.03489EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/12/04 12:0 a.m.268 views

EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-2509)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared...

7.5CVSS7.6AI score0.99999EPSS
Exploits17References19
Hacker One
Hacker One
added 2017/04/18 7:38 a.m.66 views

Internet Bug Bounty: OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

The function TSOBJprintbio misuses OBJobj2txt: the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented. refer: https://www.openssl.org/news/secadv/20160922.txt...

5CVSS8.8AI score0.28533EPSS
Exploits1
Veracode
Veracode
added 2017/02/07 1:12 a.m.36 views

Information Disclosure

OpenSSL is vulnerable to information disclosure. When pretty printing through the OBJobj2txt function in crypto/objects/objdat.c is it possible for attackers to read from the process stack memory. This is caused because OpenSSL does not ensure the presence of \0 characters...

4.3CVSS5.4AI score0.23292EPSS
Exploits0References72Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.5 views

The vulnerability of the OpenSSL software allows a malicious attacker to compromise the confidentiality of protected information.

The vulnerability exists in the OBJobj2txt function in crypto/objects/objdat.c of OpenSSL. This vulnerability arises due to the absence of the '\0' character. Exploiting this vulnerability allows attackers to access confidential information from the stack memory of the process, by using the outpu...

4.3CVSS6.5AI score0.23292EPSS
Exploits0References3Affected Software1
FreeBSD
FreeBSD
added 2015/10/15 12:0 a.m.55 views

LibreSSL -- Memory leak and buffer overflow

Qualys reports: During the code review of OpenSMTPD a memory leak and buffer overflow an off-by-one, usually stack-based were discovered in LibreSSL's OBJobj2txt function. This function is called automatically during a TLS handshake both client-side, unless an anonymous mode is used, and...

9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/09/24 4:53 p.m.5 views

openssl: information leak in pretty printing functions

It was discovered that the OBJobj2txt function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory...

4.3CVSS6.7AI score0.23292EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/08/14 4:44 a.m.4 views

openssl: information leak in pretty printing functions

It was discovered that the OBJobj2txt function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory...

4.3CVSS6.7AI score0.23292EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2014/08/13 11:0 p.m.26 views

CVE-2014-3508

The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

4.3CVSS6AI score0.23292EPSS
Exploits0
Cvelist
Cvelist
added 2014/08/13 11:0 p.m.34 views

CVE-2014-3508

The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...

5.6AI score0.23292EPSS
Exploits0References70
Rows per page
Query Builder