34 matches found
Astra Linux - уязвимость в openssl
There is a type confusion vulnerability related to X.400 address processing within an X.509 GENERALNAME. X.400 addresses are parsed as ASN1STRING, but the public structure definition for GENERALNAME incorrectly specifies the type of the x400Address field as ASN1TYPE. This field is subsequently...
JLSEC-2026-234 Vulnerable OpenSSL included in cryptography wheels
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
CLSA-2025-1764692769 compat-openssl11: Fix of CVE-2023-0286
CVE-2023-0286: fix X.400 address type confusion in X.509 GeneralName...
TencentOS Server 3: compat-openssl10 (TSSA-2025:0443)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0443 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Hitachi ABB AFS Double Free (CVE-2022-4450)
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This plugin only works wi...
Hitachi ABB AFS Use After Free (CVE-2023-0215)
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This plugin only works wi...
compat-openssl11 security update
An update is available for compat-openssl11. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenSSL toolkit provides support for secure communications betwe...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
ROS-20230418-05
A vulnerability in the OpenSSL cryptographic library is related to a boundary error in the PEMreadbioex function. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted PEM file to an application, cause a memory re-release error, and perform a typing...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
OESA-2023-1142 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
OESA-2023-1135 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, C...
OESA-2023-1121 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structur...
SUSE CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
CLSA-2023-1676026276 openssl: Fix of 2 CVEs
CVE-2023-0215: Fix a UAF resulting from a bug in BIOnewNDEF - CVE-2023-0286: Fix GENERALNAMEcmp for x400Address...
CLSA-2023-1676026152 openssl: Fix of 2 CVEs
CVE-2023-0215: Fix a UAF resulting from a bug in BIOnewNDEF - CVE-2023-0286: Fix GENERALNAMEcmp for x400Address...
CLSA-2023-1676026057 Fix CVE(s): CVE-2023-0215, CVE-2023-0286
SECURITY UPDATE: Use-after-free following BIOnewNDEF - debian/patches/CVE-2023-0215.patch: fix a UAF resulting from a bug in BIOnewNDEF in crypto/asn1/biondef.c - CVE-2023-0215 SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName - debian/patches/CVE-2023-0286.patch: fix...