249 matches found
nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...
UBUNTU-CVE-2021-43527
NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be impacted. Applications using N...
thunderbird: Memory corruption when processing S/MIME messages
A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...
thunderbird: Memory corruption when processing S/MIME messages
A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...
Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice
The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the...
LibreOffice 信任管理问题漏洞
LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes the Writer text documents, Calc spreadsheets and Impress presentations applications. LibreOffice suffers from a trust management issue vulnerability that stems from the application not...
Huawei EulerOS: Security Advisory for python-ecdsa (EulerOS-SA-2021-2161)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
nettle: Out of bounds memory access in signature verification
A flaw was found in Nettle, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an...
Timing attack against DSA
...
Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert
Summary OpenSSL vulnerability was disclosed by the OpenSSL Project. OpenSSL is used by Rational BuildForge Agent shipped with IBM Rational Team Concert. Rational BuildForge has addressed the applicable CVE Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attack...
nettle: Out of bounds memory access in signature verification
A flaw was found in Nettle, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an...
nettle: Out of bounds memory access in signature verification
A flaw was found in Nettle, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an...
PT-2021-3125
Name of the Vulnerable Software and Affected Versions Nettle versions prior to 3.7.2 Description A flaw was found in the Nettle signature verification functions, including GOST DSA, EDDSA, and ECDSA, where the Elliptic Curve Cryptography point multiply function is called with out-of-range scalers...
Newest Intel Side-Channel Attack Sniffs Out Sensitive Data
Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords. Unlike previous side-channel attacks, this attack does not rely on sharing memory, cache sets and other former tactics...
CentOS 8 : openssl (CESA-2019:3700)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3700 advisory. - openssl: timing side channel attack in the DSA signature algorithm CVE-2018-0734 - openssl: timing side channel attack in the ECDSA signature...
Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2020-1629)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : OpenSSL remote denial of service vulnerability (012809ce-83f3-11ea-92ab-00163e433440)
Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the 'signaturealgorithmscert' TLS extension. The crash occurs if an invalid or unrecognized signature algorithm i...
Security Bulletin: OpenSSLにある複数の脆弱性のWebSphere Message BrokerとIBM Integration Busへの影響について
Summary OpenSSLの脆弱性について、OpenSSL Projectより2016年 9月22日、9月26日、11月10日にそれぞれ公表されております。WebSphere Message BrokerならびにIBM Integration Busにて使用されているDataDirect ODBC ドライバーに対して該当するCVEがあり、対処しております。 Vulnerability Details 最新の情報は下記の文書(英語)をご参照ください。 Security Bulletin: Multiple vulnerabilities in OpenSSL affect...
golang: invalid public key causes panic in dsa.Verify
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...
Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)
Summary Security vulnerabilities in OpenSSL affect IBM Sterling B2B Integrator Vulnerability Details CVE-ID: CVE-2018-0734 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could...