17 matches found
JLSEC-2025-224 Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers ...
Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service DoS via mbedtlsx509setextension...
Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
...
Astra Linux – Vulnerability in mbedtls
Integer overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. Attackers can exploit this vulnerability to cause a denial of service DoS attack through the mbedtlsx509setextension function...
PT-2024-1659
Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.x through 2.28.6 Mbed TLS versions 3.x through 3.5.1 Description The issue is related to an integer overflow vulnerability in the mbedtls x509 set extension function, which can be exploited by attackers to cause a denial of...
Denial Of Service (DoS)
go-libp2p is vulnerable to Denial Of Service DoS. The vulnerability exists during the Noise handshake and the libp2p x509 extension verification step which allows an attacker to use large RSA keys causing resource exhaustion...
AZL-27875 CVE-2023-39533 affecting package msft-golang for versions less than 1.19.12-1
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...
AZL-27872 CVE-2023-39533 affecting package golang for versions less than 1.19.12-1
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...
CVE-2023-39533 libp2p nodes vulnerable to attack using large RSA keys
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...
SUSE CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...
GHSA-6748-36QP-FX6R PyOpenSSL Mishandles NUL Byte In Certificate Subject Alternative Name
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a \0 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificati...
BSA-2017-380
Security Advisory ID : BSA-2017-380 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension. Affected Products Brocade is...
DEBIAN-CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...
CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...
UBUNTU-CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...
UBUNTU-CVE-2017-5334
Double free vulnerability in the gnutlsx509extimportproxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension...
The vulnerability of the GnuTLS library, which allows a hacker to cause a service failure
The vulnerability of the lib/x509/x509ext.c component in the GnuTLS library is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure using a specially crafted CRL distribution point...
CVE-2015-3308
Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point...