14 matches found
CVE-2018-4398
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8...
EUVD-2014-9548
Malware in sbrugna...
EUVD-2018-16184
Malware in sbrugna...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : phpseclib vulnerabilities (USN-7404-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7404-1 advisory. It was discovered that phpseclib did not correctly handle RSA PKCS1 v1.5 signature verification. An attacker could...
Malicious code in a1426kt-prime-number (RubyGems)
CVE-2024-27354
CVE-2024-27354 affects phpseclib 1.x < 1.0.23, 2.x < 2.0.47, and 3.x
Denial Of Service (DoS)
phpseclib/phpseclib is vulnerable to Denial of Service (DoS). The vulnerability exists because of an infinite loop when the prime number field is a composite number, which allows an attacker to crash the application...
The Doghouse: Crown Sterling
A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil." I dropped it both because it stopped being fun and because almost everyone converged on...
Design/Logic Flaw
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8...
CVE-2016-2217
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret...
Socat Weak Diffie-Hellman Prime Number
Update: Socat is the latest open source tool to come under suspicion that it is backdoored. Socat is a versatile command line utility that builds bi-directional communication streams and moves data between channels, including files, network pipes, serial connected devices, sockets or a combination...
Fewer IPsec VPN Connections at Risk to Weak Diffie-Hellman
A challenge has been made against one of the conclusions in a potentially blockbuster academic paper on cryptographic weaknesses that may be the open door through which intelligence agencies are breaking encrypted connections. The paper, “Imperfect Forward Secrecy: How Diffie-Hellman Fails in...
Dropbear: Multiple vulnerabilities
Background: Dropbear is an SSH server and client designed with a small memory footprint. Description: Multiple vulnerabilities have been discovered in Dropbear. Please review the CVE identifier and Gentoo bug referenced below for details. Impact: A remote attacker could send a specially crafted...
openSUSE 10 Security Update : openssl (openssl-2349)
A previous openssl update (CVE-2006-2940) introduced another bug that can lead to a crash by providing a large prime number. An uninitialized pointer is freed during error handling. This bug allows remote attackers to crash services that use openssl...