32 matches found

OSV
added 2026/03/27 7:10 a.m. | 4 views

BIT-NGINX-GATEWAY-2026-28755 NGINX ngx_stream_ssl_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

CVSS 5.4 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-12592

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.7 | EPSS 0.00163
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 4:59 a.m. | 2 views

SUSE CVE-2016-6304

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions...

CVSS 7.5 | AI score 9.3 | EPSS 0.28075
Exploits: 2 | References: 29
Oracle linux
added 2019/03/13 12:0 a.m. | 313 views

openssl security update

1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing side-channel key extraction 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on...

CVSS 10 | AI score 0.5 | EPSS 0.94464
Exploits: 179
Veracode
added 2019/01/15 9:14 a.m. | 27 views

Denial Of Service (DoS)

OpenSSL is vulnerable to Denial Of Service (DoS). A malicious user can send multiple large OCSP Status Request extensions to the server, causing it to run out of memory and crash...

CVSS 7.5 | AI score 8.6 | EPSS 0.28075
Exploits: 2 | References: 65 | Affected Software: 9
IBM Security Bulletins
added 2018/06/15 7:8 a.m. | 35 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 ...)

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Cluster Manager, IBM Aspera Faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application on Demand, and IBM Aspera Azure on Demand. IBM Aspera Transf...

CVSS 9.8 | AI score 1.1 | EPSS 0.40993
Exploits: 8 | Affected Software: 1
Tenable Nessus
added 2018/02/28 12:0 a.m. | 202 views

Arista Networks EOS 4.17 Multiple Vulnerabilities (SA0024) (SWEET32)

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library: - An information disclosure vulnerability exists in the dsa_sign_setup function in dsa_ossl.c due to a failure to properly ensure the use of constant-time...

CVSS 7.8 | AI score 7.3 | EPSS 0.40993
Exploits: 8 | References: 6
Tenable Nessus
added 2018/02/16 12:0 a.m. | 47 views

openSUSE Security Update : openssl-steam (openSUSE-2018-168)

This update for openssl-steam fixes the following issues: - Merged changes from upstream openssl Factory rev 137 into this fork for Steam. Updated to openssl 1.0.2k: - CVE-2016-7055: Montgomery multiplication may produce incorrect results boo1009528 - CVE-2016-7056: ECDSA P-256 timing attack ke...

CVSS 9.8 | AI score 7.4 | EPSS 0.40993
Exploits: 8 | References: 44
RedHat Linux
added 2017/08/21 3:33 p.m. | 2 views

openssl: OCSP Status Request extension unbounded memory growth

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...

CVSS 7.8 | AI score 7.2 | EPSS 0.28075
Exploits: 2 | References: 5
Hacker One
added 2017/03/29 1:24 a.m. | 95 views

Internet Bug Bounty: OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service...

CVSS 7.8 | AI score 8.8 | EPSS 0.28075
Exploits: 2
Tenable Nessus
added 2017/02/23 12:0 a.m. | 44 views

FreeBSD : cURL -- ocsp status validation error (311e4b1c-f8ee-11e6-9940-b499baebfeaf)

The cURL project reports: SSL_VERIFYSTATUS ignored curl and libcurl support 'OCSP stapling', also known as the TLS Certificate Status Request extension using the CURLOPT_SSL_VERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server...

CVSS 6.5 | AI score 6.3 | EPSS 0.00365
Exploits: 0 | References: 3
Veracode
added 2017/01/26 1:52 a.m. | 38 views

Denial Of Service (DoS)

OpenSSL is vulnerable to Denial Of Service (DoS). A malicious user can send multiple large OCSP Status Request extensions to the server, causing it to run out of memory and crash...

CVSS 7.8 | AI score 8.5 | EPSS 0.28075
Exploits: 2 | References: 63 | Affected Software: 3
Tenable Nessus
added 2016/11/17 12:0 a.m. | 77 views

RHEL 6 : openssl (RHSA-2016:2802)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2802 advisory. - openssl: OCSP Status Request extension unbounded memory growth CVE-2016-6304 Note that Nessus has not tested for this issue but has instead relied...

CVSS 7.8 | AI score 7.9 | EPSS 0.28075
Exploits: 2 | References: 5
Tenable Nessus
added 2016/10/21 12:0 a.m. | 106 views

MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.16. It is, therefore, affected by multiple vulnerabilities: - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An...

CVSS 10 | AI score 8 | EPSS 0.89577
Exploits: 24 | References: 20
OSV
added 2016/10/11 10:12 p.m. | 5 views

MGASA-2016-0338 Updated openssl packages fix security vulnerabilities

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic CVE-2016-2177. Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code CVE-2016-2178. Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS CVE-2016-2179,...

CVSS 9.8 | AI score 6.6 | EPSS 0.40993
Exploits: 8 | References: 4
Mageia
added 2016/10/11 10:12 p.m. | 83 views

Updated openssl packages fix security vulnerabilities

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic CVE-2016-2177. Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code CVE-2016-2178. Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS CVE-2016-2179,...

CVSS 9.8 | AI score 0.9 | EPSS 0.40993
Exploits: 8 | References: 3
Tenable Nessus
added 2016/10/07 12:0 a.m. | 64 views

SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2016:2468-1)

This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant ti...

CVSS 9.8 | AI score 7.2 | EPSS 0.40993
Exploits: 8 | References: 36
Tenable Nessus
added 2016/09/28 12:0 a.m. | 59 views

Oracle Linux 6 / 7 : openssl (ELSA-2016-1940)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1940 advisory. - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in...

CVSS 9.8 | AI score 7.8 | EPSS 0.40993
Exploits: 8 | References: 10
Tenable Nessus
added 2016/09/28 12:0 a.m. | 45 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...

CVSS 9.8 | AI score 7.2 | EPSS 0.40993
Exploits: 8 | References: 41
Prion
added 2016/09/26 7:59 p.m. | 29 views

Design/Logic Flaw

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions...

CVSS 7.8 | AI score 7.1 | EPSS 0.28075
Exploits: 2 | References: 62 | Affected Software: 3