8 matches found
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by denial of service due to Python cryptography package
Summary: The Python cryptography package is used by IBM Cloud Pak for Data System to provide cryptographic functionality. CVE-2024-0727 affects the underlying OpenSSL library used by the cryptography package. Processing a maliciously formatted PKCS12 file may cause a NULL pointer dereference in...
openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file
A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution...
Linux Distros Unpatched Vulnerability : CVE-2024-0727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. Impact summary:...
Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / hvloader / kata-containers / kata-containers-cc / nodejs / openssl (CVE-2024-0727)
The version of cloud-hypervisor-cvm / hvloader / kata-containers / kata-containers-cc / nodejs / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0727 advisory. - Issue summary: Processing ...
Medium: openssl
Issue Overview: A flaw was found in OpenSSL. When the EVP_PKEY_public_check function is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, i...
USN-6632-1: OpenSSL vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. (CVE-2023-5678) Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malform...
GHSA-9V9H-CGJ8-H64P Null pointer dereference in PKCS12 parsing
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...
PT-2023-8644
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 3.2 excluding FIPS modules in 3.2, 3.1, and 3.0. Description: The issue arises from the improper handling of NULL fields in PKCS12 files, leading to a potential Denial of Service attack. Applications loading files in th...