3 matches found
Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
On December 18th, 2023, researchers from the Ruhr University Bochum published a protocol flaw in the SSH v2 protocol, called Terrapin Attack. The flaw allows removing encrypted SSH messages at the begin of the communication, allowing downgrade of security aspects of SSH connections. This occurs...
Impact of OpenSSL Vulnerabilities Advisory Released On February 7, 2023
OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0, 1.1.1, and 1.0.2.CVE-2023-0286 - X.400 address type confusion in X.509 GeneralNameCVE-2022-4304 - Timing Oracle in RSA DecryptionCVE-2022-4203 - X.509 Name Constraints Read Buffer...
OpenSSL Infinite loop when parsing certificates CVE-2022-0778
A vulnerability CVE-2022-0778 was found in OpenSSL that allows to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied...