Siemens RUGGEDCOM, SCALANCE and SIMATIC Out-of-bounds Read (CVE-2021-3712)

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

CLSA-2025-1766601879 gnutls: Fix of CVE-2025-32989

CVE-2025-32989: fix read buffer overrun in x509 SCT timestamps...

EUVD-2023-0809

Malicious code in bioql PyPI...

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway, Configuration Utility, VPN, Certificate and Base Module affected by multiple vulnerabilities

Summary Vulnerabilities contained within libcurl a 3rd party component and Open SSL were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Certificate, VPN and Base Modules. Vulnerabilities contained within Netty a 3rd party component were addressed in the IBM MaaS360 Mobi...

MGASA-2023-0130 Updated openssl packages fix security vulnerability

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

Important: openssl

Issue Overview: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial service CVE-2022-3996, CVE-2023-0401, CVE-2022-4203, CVE-2023-0216, CVE-2023-0215, CVE-2023-0217, CVE-2023-0286, CVE-2022-4450 or obtain sensitive information CVE-2022-4304. OpenSSL is used by AIX as part of AIX's...

RHEL 9 : openssl (RHSA-2023:0946)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0946 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

DEBIAN-CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

ALPINE-CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

UBUNTU-CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

Vulnerability in OpenSSL - X.509 Name Constraints Read Buffer Overflow

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

CVE-2021-3712: ASN1_STRING structure contains a buffer holding the string data

Security Advisory ID : BSA-2022-1587 Component : OpenSSL Revision : 1.0 ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesent...

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2022-1417)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an...

Oracle Linux 7 : openssl (ELSA-2022-9017)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9017 advisory. - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings Tenable has extracted the preceding description block directly from the Oracle Linu...

Oracle Linux 8 : openssl (ELSA-2021-5226)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-5226 advisory. - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings Tenable has extracted the preceding description block directly from the Oracle Linux...

EulerOS 2.0 SP5 : openssl111d (EulerOS-SA-2021-2668)

According to the versions of the openssl111d packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will ca...

Debian DLA-2774-1 : openssl1.0 - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2774 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length...

openSUSE 15 Security Update : openssl-1_0_0 (openSUSE-SU-2021:2994-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2994-1 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field...

SUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2021:2996-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2996-1 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string dat...