115 matches found
SUSE-SU-2024:1789-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2024-4603: Fixed DSA parameter checks for excessive sizes before validating bsc1224388...
SUSE CVE-2024-4603
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
AZL-42049 CVE-2024-4603 affecting package openssl for versions less than 3.3.2-1
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
AZL-78534 CVE-2024-4603 affecting package openssl-fips-provider 3.1.2-1
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
DEBIAN-CVE-2024-4603
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
ALPINE-CVE-2024-4603
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
OpenSSL 安全漏洞
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a wide range of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
CVE-2024-2212 Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()
In Eclipse ThreadX before 6.4.0, xQueueCreate and xQueueCreateSet functions from the FreeRTOS compatibility API utility/rtoscompatibilitylayers/FreeRTOS/txfreertos.c were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows...
CVE-2024-2212
Summary: CVE-2024-2212 affects Eclipse ThreadX prior to 6.4.0 due to missing parameter checks in the FreeRTOS compatibility API functions xQueueCreate() and xQueueCreateSet() (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c). This can cause integer wraparound, under-allocations, and heap...
CVE-2024-2212 Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()
In Eclipse ThreadX before 6.4.0, xQueueCreate and xQueueCreateSet functions from the FreeRTOS compatibility API utility/rtoscompatibilitylayers/FreeRTOS/txfreertos.c were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows...
PT-2024-2446 · Microsoft +1 · Azure-C-Shared-Utility +1
Name of the Vulnerable Software and Affected Versions: azure-c-shared-utility affected versions not specified Description: The azure-c-shared-utility library has a vulnerability related to the parameter checking mechanism, which can cause an integer wraparound, under-allocation, or heap buffer...
USN-6709-1: OpenSSL vulnerabilities
It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. CVE-2023-3446 After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large q...
openssl: Excessive time spent checking DH keys and parameters
A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DHcheck, DHcheckex, or EVPPKEYparamcheck functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-3016)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck,...
EulerOS Virtualization 2.9.1 : shim (EulerOS-SA-2023-3095)
According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-3382)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenSSL: Excessive time spent checking DH q parameter value
A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DHcheck, DHcheckex, or EVPPKEYparamcheck functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an...
OpenSSL: Excessive time spent checking DH q parameter value
A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DHcheck, DHcheckex, or EVPPKEYparamcheck functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an...
OpenSSL: Excessive time spent checking DH q parameter value
A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DHcheck, DHcheckex, or EVPPKEYparamcheck functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an...
OpenSSL: Excessive time spent checking DH q parameter value
A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DHcheck, DHcheckex, or EVPPKEYparamcheck functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an...