3 matches found
CLSA-2021-1639686040 Fix CVE(s): CVE-2021-3984, CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069
SECURITY UPDATE: Using freed memory with regexp using a mark - debian/patches/CVE-2021-3974.patch: Get the line again after getting the mark position - CVE-2021-3974 SECURITY UPDATE: Illegal memory access when C-indenting - debian/patches/CVE-2021-3984.patch: Also set the cursor column -...
CVE-2018-8970
The intx509paramsethosts function in lib/libcrypto/x509/x509vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain...
openldap: modrdn processing IA5StringNormalize NULL pointer dereference
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service crash via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smrnormalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schemainit.c, as...