3 matches found
bouncycastle: potential blind LDAP injection attack using a self-signed certificate
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...
SUSE-SU-2018:0122-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code bsc1069226. - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function bsc1069222...
DEBIAN-CVE-2017-8817
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibly have unspecified other impact via a string that ends with an '' character...