17 matches found
CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
AlmaLinux 8 : openssl (ALSA-2021:5226)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:5226 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...
EulerOS 2.0 SP3 : openssl (EulerOS-SA-2022-1181)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field...
EulerOS Virtualization 3.0.6.0 : openssl (EulerOS-SA-2022-1088)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an...
Juniper Junos OS Vulnerability (JSA11293)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11293 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length...
opencart 3.0.3.8 - Sessjion Injection Vulnerability
Exploit Title: opencart 3.0.3.8 - Sessjion Injection Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Testeted on: Windows 10 using XAMPP,...
SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2021:3019-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3019-1 advisory. - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings bsc1189521. Tenab...
SUSE SLES15: libopenssl-1_0_0-devel / libopenssl10 / libopenssl1_0_0 / etc (SUSE-SU-2021:2994-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2994-1 advisory. - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings bsc1189521. Tenab...
SUSE SLED12: libopenssl-1_0_0-devel / libopenssl1_0_0 / libopenssl1_0_0-32bit / etc (SUSE-SU-2021:2995-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2995-1 advisory. - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings...
SUSE SLES15: libopenssl-1_1-devel / libopenssl1_1 / libopenssl1_1-32bit / etc (SUSE-SU-2021:2967-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2967-1 advisory. - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings bsc1189521. Tenab...
Security fix for the ALT Linux 10 package node version 14.17.6-alt1
Sept. 1, 2021 Vitaly Lipatov 14.17.6-alt1 - new version 14.17.6 with rpmrb script - set npm = 6.14.15 - set openssl = 1.1.1l - CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2021-39134, CVE-2021-39135...
SUSE SLES11: libopenssl1-devel / libopenssl1_0_0 / libopenssl1_0_0-32bit / etc (SUSE-SU-2021:14792-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:14792-1 advisory. This update for openssl1 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffe...
ALPINE-CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
Buffer overflow
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
CVE-2021-3711 SM2 Decryption Buffer Overflow
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
Ubuntu 18.04 LTS / 20.04 LTS : OpenSSL vulnerabilities (USN-5051-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5051-1 advisory. John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2 data. A remote attacker could use this issue to cause applications usi...