4 matches found
CLSA-2021-1639681783 Fix CVE(s): CVE-2021-3712
SECURITY UPDATE: fix assumption that ASN.1 string is NULL terminated when it exactly doesn't. - debian/patches/CVE-2021-3712.patch: backport all found cases where code relayed on assumtion that ASN.1 string is NULL terminated - CVE-2021-3712...
CLSA-2021-1634922881 Fixed CVEs in openssl: CVE-2018-0739, CVE-2018-0732, CVE-2021-3712, CVE-2018-0737
fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun - Port patches from oracle6els branch, original changelog entry: - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 -...
CVE-2021-3712
creationtimestamp| type| source ---|---|--- 2021-08-24 18:23:28+00:00| seen| https://t.me/cibsecurity/27774 2023-03-02 10:44:57+00:00| seen| https://www.cert.at/de/warnungen/2023/3/kritische-sicherheitslucken-in-arubaos-updates-teilweise-verfugbar 2023-03-02 16:20:07+00:00| seen|...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-3712 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-3712 Source advisory: OSV:RUSTSEC-2021-0098...