3 matches found
CVE-2023-28531
CVE-2023-28531 affects OpenSSH: ssh-add adds smartcard keys to ssh-agent without the intended per‑hop destination constraints, starting from OpenSSH up to version 9.2.x and earliest affected 8.9. The issue is resolved in OpenSSH 9.3 and later. Remediation is upgrading to 9.3+ (or the distro patch...
CVE-2024-6119
OpenSSL CVE-2024-6119 causes a denial of service when applications perform certificate name checks (e.g., TLS server name validation). The issue stems from reading an invalid memory address during name comparison (e.g., otherName in X.509) and may terminate the process. Multiple connected advisor...
CVE-2024-2398
CVE-2024-2398 affects curl/libcurl: when an application enables HTTP/2 server push and the received push headers exceed a limit (1000), libcurl aborts the server push and leaks previously allocated headers, causing memory leaks and a silent condition that can be hard to detect. The CVSS in the en...