11 matches found
Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2023-0215)
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
EulerOS 2.0 SP5 : shim (EulerOS-SA-2023-2169)
According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to...
AlmaLinux 8 : edk2 (ALSA-2023:2932)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2932 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...
EulerOS 2.0 SP8 : openssl (EulerOS-SA-2023-1602)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...
USN-5845-1: OpenSSL vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in...
CVE-2023-0215 Use-after-free following BIO_new_NDEF
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
SUSE SLES12: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2023:0306-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0306-1 advisory. - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed...
USN-5845-2: OpenSSL vulnerabilities
USN-5845-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this...
CVE-2023-0215
A use-after-free vulnerability was found in OpenSSL's BIOnewNDEF function. The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be...
USN-5845-1 openssl1.0 vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. CVE-2023-0286 Octavio Galland and Marcel Böhme discovered that OpenSS...
Use-after-free following `BIO_new_NDEF`
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...