23303 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in OpenSSL

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support SMIME, CMS, and PKCS7 streaming capabilities. However, it can also be called directly by end-user applications. This function receives a BIO from...

CVSS 7.5 | AI score 7 | EPSS 0.04494
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in OpenSSL

The function PEM_read_bio_ex reads a PEM file from a BIO, parses, and decodes the “name” e.g., “CERTIFICATE”, any header data, and the payload data. If the function succeeds, the “name_out”, “header”, and “data” arguments are populated with pointers to buffers containing the relevant decoded data. Th...

CVSS 7.5 | AI score 7.1 | EPSS 0.20444
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in OpenSSL

There exists a timing-based side channel in the OpenSSL RSA Decryption implementation. This vulnerability could be sufficient for an attacker to recover plaintext across a network in a Bleichenbacher-style attack. To successfully decrypt data, an attacker would need to be able to send a very larg...

CVSS 5.9 | AI score 7 | EPSS 0.16195
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems such as OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS without a message size limit may...

CVSS 6.5 | AI score 6.5 | EPSS 0.76451
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: An application attempting to decrypt messages encrypted using password-based encryption in CMS can trigger an out-of-bounds read and write attack. Impact summary: This out-of-bounds read attack may cause a system crash, leading to a denial of service for the application. The...

CVSS 7.5 | AI score 6.8 | EPSS 0.01744
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in openssl1.0

In situations where an attacker receives automated notifications of the success or failure of a decryption attempt, an attacker can recover the CMS/PKCS7 transport encryption key after sending a very large number of messages to be decrypted. They can also decrypt any RSA-encrypted message encrypt...

CVSS 4.3 | AI score 6.6 | EPSS 0.03838
Exploits 0 | References 1
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Calling the PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code points can trigger a one-byte write before the allocated buffer. This out-of-bounds write can cause memory corruption, potentially...

CVSS 7.4 | AI score 7.5 | EPSS 0.00444
Exploits 1 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 1 view

Astra Linux – Vulnerability in OpenSSL

Issue Summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes may leave the final partial block unencrypted and unauthenticated. Impact Summary: The last 1–15 bytes of a message may be exposed in...

CVSS 4 | AI score 7.3 | EPSS 0.00115
Exploits 1 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: There is a type confusion vulnerability in the signature verification of signed PKCS7 data. In this vulnerability, an ASN1_TYPE union member is accessed without first validating the type, resulting in an invalid or NULL pointer dereferencing during the processing of malformed PKCS7...

CVSS 5.3 | AI score 7.5 | EPSS 0.00502
Exploits 1 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh versions built with OpenSSL versions older than 3.0. The issue lies with the ssh_kdf function, which is responsible for key derivation. Due to inconsistent interpretation of return values, OpenSSL uses 0 to indicate failure, while libssh uses 0 for success. As a...

CVSS 8.8 | AI score 6.5 | EPSS 0.00407
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in OpenSSL

Issue Summary: Checking excessively long DH keys or parameters can be very slow. Impact Summary: Applications that use functions like DH_check, DH_check_ex, or EVP_PKEY_param_check to check DH keys or parameters may experience prolonged delays. If the keys or parameters are obtained from an untrusted...

CVSS 5.3 | AI score 6.5 | EPSS 0.05533
Exploits 0 | References 2
OSV
added 2026/06/19 8:31 a.m. | 1 view

ROOT-OS-DEBIAN-11-CVE-2026-28388 CVE-2026-28388 in rootio-openssl - Patched by Root

Root has patched CVE-2026-28388 in the rootio-openssl package for Root:Debian:11. Multiple fixed versions available...

CVSS 7.5 | AI score 5.8 | EPSS 0.00885
Exploits 0
OSV
added 2026/06/19 8:31 a.m. | 2 views

ROOT-OS-DEBIAN-11-CVE-2026-28387 CVE-2026-28387 in rootio-openssl - Patched by Root

Root has patched CVE-2026-28387 in the rootio-openssl package for Root:Debian:11. Multiple fixed versions available...

CVSS 8.1 | AI score 5.8 | EPSS 0.00631
Exploits 0
IBM Security Bulletins
added 2026/06/18 7:42 p.m. | 64 views

Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities

Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities. Business Unit: BU059, IBM Software w/o TPS; Product: SS8NDZ, IBM Aspera; Platform: PF025, Platform Independent; Version: All...

AI score 5.4
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/06/18 7:42 p.m. | 41 views

Security Bulletin: Vulnerabilities in OpenSSL (CVE-1015-1793)

Security Bulletin: Vulnerabilities in OpenSSL CVE-1015-1793. Business Unit: BU059, IBM Software w/o TPS; Product: SS8NDZ, IBM Aspera; Platform: PF025, Platform Independent; Version: All Versions; Line of...

AI score 5.4
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/06/18 7:42 p.m. | 38 views

Security Bulletin: Vulnerabilities in OpenSSL

Security Bulletin: Vulnerabilities in OpenSSL. Business Unit: BU059, IBM Software w/o TPS; Product: SS8NDZ, IBM Aspera; Platform: PF025, Platform Independent; Version: All Versions; Line of...

AI score 5.4
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/06/18 5:57 p.m. | 36 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shar

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares CVE-2016-6304, CVE-2016-2177, ... Business Unit: BU059, IBM Software w/o TPS; Product: SS8NDZ, IBM...

CVSS 9.8 | AI score 7.7 | EPSS 0.63029
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2026/06/18 5:57 p.m. | 40 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. CVE-2016-2107, CVE-2016-2106, CVE-2016-2176. Business Unit: BU059, IBM Software w/o...

CVSS 8.2 | AI score 7.5 | EPSS 0.89058
Exploits 6 | Affected Software 1
IBM Security Bulletins
added 2026/06/18 5:57 p.m. | 53 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand,

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 ... Business Unit: BU059, IBM...

CVSS 9.8 | AI score 7.7 | EPSS 0.63029
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2026/06/18 5:57 p.m. | 39 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702...

CVSS 10 | AI score 7.2 | EPSS 0.27022
Exploits 1 | Affected Software 1