6 matches found
SUSE CVE-2024-6119
Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of...
CVE-2024-34702
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints...
PT-2024-6609
Name of the Vulnerable Software and Affected Versions: Botan versions prior to 3.5.0 Botan versions prior to 2.19.5 Description: The issue is related to the processing of X.509 certificates in the Botan C++ cryptography library. Checking name constraints in these certificates is quadratic in the...
GHSA-9QWG-CRG9-M2VC `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3EXTnconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin Google for reporting this issue...
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3EXTnconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin Google for reporting this issue...
RUSTSEC-2023-0023 `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3EXTnconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin Google for reporting this issue...