CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0CVE-2023-0286 – X.400 address type confusion in X.509 GeneralName
https://notcve.org/view.php?id=CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. • https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d https://security.gentoo.org/glsa/202402-08 https://www.open • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37613
https://notcve.org/view.php?id=CVE-2021-37613
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. Stormshield Network Security (SNS) versiones 1.0.0 hasta 4.2.3, permite una Denegación de Servicio • https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-050 •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3398
https://notcve.org/view.php?id=CVE-2021-3398
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. Stormshield Network Security (SNS) 3.x, presenta un Desbordamiento de Enteros en el componente high-availability • https://advisories.stormshield.eu/2021-001 https://www.stormshield.com/category/alert • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28096
https://notcve.org/view.php?id=CVE-2021-28096
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. Se ha detectado un problema en Stormshield SNS versiones anteriores a 4.2.3 (cuando es usado el proxy). Un atacante puede saturar la tabla de conexiones del proxy. • https://advisories.stormshield.eu/2021-005 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 1%CPEs: 60EXPL: 1CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. El Protocolo de Acuerdo de Claves Diffie-Hellman permite a atacantes remotos (del lado del cliente) enviar números arbitrarios que en realidad no son claves públicas, y desencadenar costosos cálculos de exponenciación modular DHE del lado del servidor, también se conoce como un ataque D(HE)ater. • https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf https://dheatattack.com https://dheatattack.gitlab.io https://github.com/Balasys/dheater https://github.com/mozilla/ssl-config-generator/issues/162 https://gitlab.com/dheatattack/dheater https://ieeexplore.ieee.org/document/10374117 https://support.f5.com/csp/article/K83120834 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration https: • CWE-400: Uncontrolled Resource Consumption •