Page 2 of 9 results (0.008 seconds)

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. La función append_utf8_value en el decodificador DN (dn.c) en Libksba en versiones anteriores a 1.3.3 permite a atacantes remotos provocar una caída de servicio (lectura fuera de rango) borrando el bit del byte después de datos codificados UTF-8 no válidos. • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=243d12fdec66a4360fbb3e307a046b39b5b4ffc3 http://www.openwall.com/lists/oss-security/2016/04/29/5 http://www.openwall.com/lists/oss-security/2016/04/29/8 http://www.openwall.com/lists/oss-security/2016/05/10/3 http://www.ubuntu.com/usn/USN-2982-1 https://security.gentoo.org/glsa/201604-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0

Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." Libksba en versiones anteriores a 1.3.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango y caída) a través de vectores no especificados, relacionado "longitud devuelta del objeto de _ksba_ber_parse_tl". • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64 http://lists.opensuse.org/opensuse-updates/2016-06/msg00028.html http://www.openwall.com/lists/oss-security/2016/05/10/8 http://www.openwall.com/lists/oss-security/2016/05/11/10 http://www.ubuntu.com/usn/USN-2982-1 https://security.gentoo.org/glsa/201706-22 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. ber-decoder.c en Libksba en versiones anteriores a 1.3.3 usa un tipo de información integrada incorrecta, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de una información BER manipulada, lo que conduce a un desbordamiento del buffer. • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=aea7b6032865740478ca4b706850a5217f1c3887 http://www.openwall.com/lists/oss-security/2016/04/29/5 http://www.openwall.com/lists/oss-security/2016/04/29/8 http://www.ubuntu.com/usn/USN-2982-1 https://security.gentoo.org/glsa/201604-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. Desbordamiento de enteros en la función ksba_oid_to_str en Libksba anterior a 1.3.2, utilizado en GnuPG, permite a atacantes remotos causar una denegación de servicio (caída) a través de un OID manipulado en (1) un mensaje S/MIME o (2) datos OpenPGP basados en ECC, lo que provoca un desbordamiento de buffer. • http://advisories.mageia.org/MGASA-2014-0498.html http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html http://secunia.com/advisories/60073 http://secunia.com/advisories/60189 http://secunia.com/advisories/60233 http://www.debian.org/security/2014/dsa-3078 http://www.mandriva.com/security/advisories?name=MDVSA-2014:234 http://www.mandriva.com/security/advisories?name=MDVSA-2015:151 http://www.securityfocus.com/bid/71285 http://www.ubuntu.com/usn/USN-2427-1 http • CWE-191: Integer Underflow (Wrap or Wraparound) •