8 matches found
CVE-2023-0286
CVE-2023-0286 is a type-confusion bug in OpenSSL related to X.400 address processing inside X.509 GeneralName. The public GENERAL_NAME.x400Address was defined as ASN1_TYPE instead of ASN1_STRING, causing GeneralName_cmp to treat it as a pointer, which under CRL_CHECK can allow an attacker to pass...
CVE-2023-0215
CVE-2023-0215 describes a use-after-free in OpenSSL’s BIO_new_NDEF path used with SMIME/CMS/PKCS7 streaming. When a CMS recipient key is invalid, the filter BIO is freed but the caller’s BIO still holds pointers, allowing use-after-free on BIO_pop(); this can crash the process. Affected internal ...
CVE-2023-0216
CVE-2023-0216 : OpenSSL contains an invalid pointer dereference on read when an application loads malformed PKCS7 data via d2i_PKCS7(), d2i_PKCS7_bio(), or d2i_PKCS7_fp(). This can cause an application crash and potentially a denial of service. The description notes that the TLS implementation it...
CVE-2023-0401
CVE-2023-0401 describes a NULL pointer dereference during PKCS7 data verification in OpenSSL. The digest initialization can fail when the signature hash algorithm is known but the implementation is unavailable, due to a missing check on the initialization return value. This can lead to invalid di...
CVE-2002-20001
CVE-2002-20001 describes a Diffie-Hellman key exchange weakness where a remote attacker (from the client side) can send non-public values to induce expensive server-side DHE modular-exponentiation, potentially impacting availability. The description specifies that the attack is most disruptive wh...
CVE-2022-32215
CVE-2022-32215 concerns the llhttp parser used by Node.js. The http module can mis-handle multi-line Transfer-Encoding headers in vulnerable builds, enabling HTTP Request Smuggling (HRS). Affected are Node.js ships with llhttp < v14.20.1, < v16.17.1, and
CVE-2022-32213
CVE-2022-32213 concerns the llhttp parser in Node.js’ http module, where the parser may incorrectly parse and validate Transfer-Encoding headers, enabling HTTP Request Smuggling (HRS). The vulnerability is cited in multiple advisories (Debian, Red Hat, and Amazon Linux family) as part of a set in...
CVE-2022-32214
CVE-2022-32214 affects the Node.js http module via the llhttp parser, where versions <14.20.1, <16.17.1, and =14.20.1, >=16.17.1, >=18.9.1 or newer Node.js releases that bundle these llhttp versions). If exploitation details or CVSS changes are needed, refer to the linked advisories i...