CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2014-3468 – libtasn1: asn1_get_bit_der() can return negative bit length
https://notcve.org/view.php?id=CVE-2014-3468
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. La función asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa está identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a través de datos ASN.1 manipulados. • http://advisories.mageia.org/MGASA-2014-0247.html http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f http://linux.oracle.com/errata/ELSA-2014-0594.html http://linux.oracle.com/errata/ELSA-2014-0596.html http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://rhn.redhat.com/err • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0CVE-2014-3469 – libtasn1: asn1_read_value_type() NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-3469
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Las funciones (1) asn1_read_value_type y (2) asn1_read_value en GNU Libtasn1 anterior a 3.6 permite a atacantes dependientes de contexto causar una denegación de servicio (referencia de puntero nulo y caída) a través de un valor nulo en un argumento ivalue. • http://advisories.mageia.org/MGASA-2014-0247.html http://linux.oracle.com/errata/ELSA-2014-0594.html http://linux.oracle.com/errata/ELSA-2014-0596.html http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2014-0594.html http://rhn.redhat.com/errata/RHSA-2014-0596.html http:/&#x • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 59%CPEs: 47EXPL: 2CVE-2014-3466 – gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)
https://notcve.org/view.php?id=CVE-2014-3466
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. Desbordamiento de buffer en la función read_server_hello en lib/gnutls_handshake.c en GnuTLS anterior a 3.1.25, 3.2.x anterior a 3.2.15 y 3.3.x anterior a 3.3.4 permite a servidores remotos causar una denegación de servicio (consumo de memoria) o posiblemente ejecutar código arbitrario a través de una sesión id larga en un mensaje ServerHello. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. • http://linux.oracle.com/errata/ELSA-2014-0594.html http://linux.oracle.com/errata/ELSA-2014-0595.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability http://rhn.redhat.com/e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.1EPSS: 1%CPEs: 161EXPL: 0CVE-2009-2409 – deprecate MD2 in SSL cert validation (Kaminsky)
https://notcve.org/view.php?id=CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. La librería Network Security Services (NSS) en versiones anteriores a 3.12.3, como se utiliza en Firefox; GnuTLS en versiones anteriores a 2.6.4 y 2.7.4; OpenSSL 0.9.8 hasta la versión 0.9.8k; y otros productos que soportan MD2 con certificados X.509, lo que podrían permitir a atacantes remotos falsificar certificados usando defectos de diseño de MD2 para generar una colisión de hash en menos que tiempo que con fuerza bruta. NOTA: el alcance de este problema está actualmente limitado porque la cantidad de computación requerida es todavía grande. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://secunia.com/advisories/36139 http://secunia.com/advisories/36157 http://secunia.com/advisories/36434 http://secunia.com/advisories/36669 http://secunia.com/advisories/36739 http://secunia.com/advisories/37386 http://secunia.com/advisories/42467 http://security.gentoo.org/glsa/glsa-200911-02.x • CWE-310: Cryptographic Issues •