10 matches found
CVE-2026-50722
Libreswan is affected by CVE-2026-50722 through RSA_authenticate_hash_signature_pkcs1_1_5_rsa, which fails to properly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5 (RFC 8017). This enables a remote attacker to perform a Bleichenbacher-like variati...
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...
Security update for singularity (important)
openSUSE Security Update: Security update for singularity. Announcement ID: openSUSE-SU-2020:1100-1. Rating: important. References: 1174148, 1174150, 1174152. Cross-References: CVE-2020-13845, CVE-2020-13846, CVE-2020-13847. Affected Products: openSUSE Backports SLE-15-SP2. An update that fixes three...
OPENSUSE-SU-2020:1011-1 Security update for singularity
This update for singularity fixes the following issues: - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems: - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...
Security update for singularity (important)
openSUSE Security Update: Security update for singularity. Announcement ID: openSUSE-SU-2020:1011-1. Rating: important. References: 1174148, 1174150, 1174152. Cross-References: CVE-2020-13845, CVE-2020-13846, CVE-2020-13847. Affected Products: openSUSE Leap 15.2. An update that fixes three vulnerabilities ...
ecdsa Denial of Service vulnerability in signature verification and signature malleability
Possible DoS in signature verification and signature malleability. Impact: Code using VerifyingKey.verify and VerifyingKey.verify_digest may receive exceptions other than the documented BadSignatureError when signatures are malformed. If those other exceptions are not caught, they may lead to progra...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept a signature in an incorrect format not accepted by other cryptographic tools...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept a signature in an incorrect format not accepted by other cryptographic tools...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept a signature in an incorrect format not accepted by other cryptographic tools...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS #1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...