CVE-2022-23004

When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario,...

CVE-2022-20162

In asn1p256int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

MGASA-2022-0171 Updated golang packages fix security vulnerability

encoding/pem: fix stack overflow in Decode. A large more than 5 MB PEM input can cause a stack overflow in Decode, leading the program to crash CVE-2022-24675 crypto/elliptic: tolerate all oversized scalars in generic P-256. A crafted scalar input longer than 32 bytes can cause P256.ScalarMult or...

CVE-2022-28327

An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...

UBUNTU-CVE-2022-28327

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input...

CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2019:14124-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14124-1 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable...

PYSEC-2020-42

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

Denial Of Service (DoS)

nss is vulnerable to denial of service DoS. The vulnerability exists through empty or malformed p256-ECDH public keys may trigger a segmentation fault...

nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

Important: Red Hat Security Advisory: nss, nss-softokn, nss-util security update

An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

DEBIAN-CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

Design/Logic Flaw

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

Debian DLA-1857-1 : nss security update

Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. CVE-2019-11719: Out-of-bounds read when importing curve25519 private key When importing a curve25519 private key in PKCS8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in th...

Ubuntu 16.04 LTS / 18.04 LTS : NSS vulnerabilities (USN-4060-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4060-1 advisory. Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to...

USN-4060-2 nss vulnerabilities

USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this...

USN-4060-1 nss vulnerabilities

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2019-11719 Hubert Kario discovered that NSS incorrectly...

UBUNTU-CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

Security vulnerabilities fixed in Thunderbird 60.8 — Mozilla

As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. When an inner window is reused, it does not consider the use of document.domain for cross-origin...