MiracleLinux 8 : openssl-1.1.1k-9.el8 (AXSA:2023-5236:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5236:03 advisory. openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA Decryption implementation CVE-2022-4304...

The vulnerabilities of the functions mbedtls_pem_read_buffer() and mbedtls_pk_parse() in the Mbed TLS software allow a attacker to cause a service failure or disclose protected information.

The vulnerability of the mbedtlspemreadbuffer and mbedtlspkparse functions in Mbed TLS is related to an off-by-one error. Exploiting this vulnerability can allow a remote attacker to cause service failures or expose protected information...

OESA-2024-2312 openresty-openssl111 security update

Security Fixes: The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the releva...

openssl: double free after calling PEM_read_bio_ex

A double-free vulnerability was found in OpenSSL's PEMreadbioex function. The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" for example, "CERTIFICATE", any header data, and the payload data. If the function succeeds, then the "nameout," "header," and "data"...

openssl: double free after calling PEM_read_bio_ex

A double-free vulnerability was found in OpenSSL's PEMreadbioex function. The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" for example, "CERTIFICATE", any header data, and the payload data. If the function succeeds, then the "nameout," "header," and "data"...

CLSA-2023-1680210075 openssl: Fix of 2 CVEs

CVE-2022-4304: fix timing based side channel in RSA decryption - CVE-2022-4450: avoid dangling pointers in PEMreadbioex...

CLSA-2023-1680206329 openssl: Fix of 2 CVEs

CVE-2022-4304: fix timing based side channel in RSA decryption - CVE-2022-4450: avoid dangling pointers in PEMreadbioex...

SUSE CVE-2022-4450

The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

AZL-13347 CVE-2022-4450 affecting package cloud-hypervisor for versions less than 30.0-2

The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

AZL-37892 CVE-2022-4450 affecting package hvloader for versions less than 1.0.1-4

The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

UBUNTU-CVE-2022-4450

The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

OpenSSL 资源管理错误漏洞

OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

PT-2021-7737

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description The function PEM read bio ex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the name out...