
475 matches found

Prion
added 2017/04/17 9:59 p.m. · 9 views

Out-of-bounds

Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a...

5 CVSS · 6.9 AI score · 0.00501 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2017/04/17 9:59 p.m. · 11 views

CVE-2017-7892

Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a...

7.5 CVSS · 7 AI score · 0.00501 EPSS
Exploits 0 · References 1

OSV
added 2017/04/17 9:59 p.m. · 26 views

CVE-2017-7892

Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a...

7.5 CVSS · 6.3 AI score
Exploits 0 · References 1

Cvelist
added 2017/04/17 9:0 p.m. · 13 views

CVE-2017-7892

Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a...

7 AI score · 0.00501 EPSS
Exploits 0 · References 1

Debian CVE
added 2017/04/17 9:0 p.m. · 15 views

CVE-2017-7892

Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a...

7.5 CVSS · 7.1 AI score · 0.00501 EPSS
Exploits 0

Huawei
added 2017/03/22 12:0 a.m. · 134 views

Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products

Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session. Vulnerability ID: HWPSIRT-2016-09065 This vulnerability has been...

10 CVSS · 8.1 AI score · 0.40993 EPSS
Exploits 9 · Affected Software 47

Talos
added 2017/02/24 12:0 a.m. · 48 views

Ichitaro Office JTD Figure handling Code Execution Vulnerability

Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro’s proprietary file format is a Compound Document similar to .doc for Microsoft Word called .jtd. Wh...

9.8 CVSS · 0.1 AI score · 0.0149 EPSS
Exploits 1

Ubuntu
added 2017/01/31 6:3 p.m. · 109 views

USN-3181-1: OpenSSL vulnerabilities

Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were...

9.8 CVSS · 7.5 AI score · 0.71356 EPSS
Exploits 2

RedHat Linux
added 2017/01/25 8:5 p.m. · 1 views

openssl: Possible integer overflow vulnerabilities in codebase

Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash...

9.8 CVSS · 7.3 AI score · 0.24015 EPSS
Exploits 1 · References 5

RedHat Linux
added 2017/01/25 8:4 p.m. · 4 views

openssl: Possible integer overflow vulnerabilities in codebase

Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash...

9.8 CVSS · 7.3 AI score · 0.24015 EPSS
Exploits 1 · References 5

Tenable Nessus
added 2017/01/10 12:0 a.m. · 34 views

openSUSE Security Update : zlib (openSUSE-2017-46)

This update for zlib fixes the following issues : - CVE-2016-9843: Big-endian out-of-bounds pointer - CVE-2016-9842: Undefined Left Shift of Negative Number bsc1003580 - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c bsc1003579 - Incompatible declarations for external...

9.8 CVSS · 7.2 AI score · 0.15071 EPSS
Exploits 0 · References 8

Positive Technologies
added 2016/12/21 12:0 a.m. · 2 views

PT-2017-2600 · Zlib +7

Name of the Vulnerable Software and Affected Versions: zlib version 1.2.8 Description: The issue is caused by improper pointer arithmetic in the inffast.c component of the zlib library, which may allow remote attackers to impact the confidentiality, integrity, and availability of protected...

9.8 CVSS · 6.4 AI score · 0.92544 EPSS
Exploits 19 · References 384

RedHat Linux
added 2016/12/15 10:11 p.m. · 3 views

openssl: Possible integer overflow vulnerabilities in codebase

Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash...

9.8 CVSS · 7.3 AI score · 0.24015 EPSS
Exploits 1 · References 5

OSV
added 2016/10/14 2:18 p.m. · 5 views

SUSE-SU-2016:2545-1 Security update for compat-openssl097g

This update for compat-openssl097g fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 OOB write in BN_bn2dec CVE-2016-2182 bsc993819 Birthday attack against 64-bit block ciphers SWEET32...

9.8 CVSS · 6.9 AI score · 0.40993 EPSS
Exploits 7 · References 12

OSV
added 2016/10/11 10:12 p.m. · 4 views

MGASA-2016-0338 Updated openssl packages fix security vulnerabilities

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic CVE-2016-2177. Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code CVE-2016-2178. Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS CVE-2016-2179,...

9.8 CVSS · 6.6 AI score · 0.40993 EPSS
Exploits 8 · References 4

Mageia
added 2016/10/11 10:12 p.m. · 81 views

Updated openssl packages fix security vulnerabilities

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic CVE-2016-2177. Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code CVE-2016-2178. Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS CVE-2016-2179,...

9.8 CVSS · 0.9 AI score · 0.40993 EPSS
Exploits 8 · References 3

Tenable Nessus
added 2016/10/07 12:0 a.m. · 64 views

SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2016:2468-1)

This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant ti...

9.8 CVSS · 7.2 AI score · 0.40993 EPSS
Exploits 8 · References 36

OSV
added 2016/10/06 2:46 p.m. · 9 views

SUSE-SU-2016:2468-1 Security update for compat-openssl098

This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 Constant time fla...

9.8 CVSS · 6.7 AI score · 0.40993 EPSS
Exploits 8 · References 25

Tenable Nessus
added 2016/10/06 12:0 a.m. · 47 views

SUSE SLES11 Security Update : openssl (SUSE-SU-2016:2458-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behavior CVE-2016-2177 bsc982575 - Constant time flag not...

9.8 CVSS · 7.2 AI score · 0.40993 EPSS
Exploits 8 · References 36

OPENSUSE Linux
added 2016/09/28 12:10 p.m. · 54 views

Security update for openssl (important)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 Constant time flag not...

7.8 CVSS · 7.3 AI score · 0.40993 EPSS
Exploits 8 · References 17