CVE-2016-0797 – OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
https://notcve.org/view.php?id=CVE-2016-0797
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. Múltiples desbordamientos de entero en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria dinámica o referencia a puntero NULL) o posiblemente tener otro impacto no especificado a través de una cadena de dígitos de gran tamaño que no es manejada correctamente por la función (1) BN_dec2bn o (2) BN_hex2bn, relacionada con crypto/bn/bn.h y crypto/bn/bn_print.c. An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.h •
CVE-2016-0702 – OpenSSL: Side channel attack on modular exponentiation
https://notcve.org/view.php?id=CVE-2016-0702
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. La función MOD_EXP_CTIME_COPY_FROM_PREBUF en crypto/bn/bn_exp.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g no considera correctamente las veces que se accede al cache-bank durante la exponenciación modular, lo que facilita a usuarios locales descubrir las claves RSA ejecutando una aplicación manipulada en el mismo núcleo de la CPU Intel Sandy Bridge como víctima y aprovechándose de los conflictos del cache-bank, también conocida como un ataque "CacheBleed". A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. • http://cachebleed.info http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-2216 – Node.js HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2016-2216
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a. El código de interpretacción de cabecera HTTP en Node.js 0.10.x en versiones anteriores a 0.10.42, 0.11.6 hasta la versión 0.11.16, 0.12.x en versiones anteriores a 0.12.10, 4.x en versiones anteriores a 4.3.0 y 5.x en versiones anteriores a 5.6.0 permite a atacantes remotos eludir un mecanismo de protección de separación de respuesta HTTP a través de caracteres Unicode codificados en UTF-8 en la cabecera HTTP, según lo demonstrado mediante %c4%8d%c4%8a. Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability. • http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html http://www.securityfocus.com/bid/83141 https://nodejs.org/en/blog/vulnerability/february-2016-security-re • CWE-20: Improper Input Validation •
CVE-2015-8027
https://notcve.org/view.php?id=CVE-2015-8027
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. Node.js 0.12.x en versiones anteriores a 0.12.9, 4.x en versiones anteriores a 4.2.3 y 5.x en versiones anteriores a 5.1.1 no asegura la disponibilidad de un analizador para cada socket HTTP, lo que permite a atacantes remotos provocar una denegación de servicio (uncaughtException e interrupción de servicio) a través de una petición HTTP con pipelining. • http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524 http://www-01.ibm.com/support/docview.wss?uid=swg21972419 http://www.securityfocus.com/bid/78207 https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764 https://nodejs.org/en/blog/vulnerability/december-2015-security-releases https://security.gentoo.org/glsa/201612-43 • CWE-17: DEPRECATED: Code •
CVE-2015-6764 – v8: unspecified out-of-bounds access vulnerability
https://notcve.org/view.php?id=CVE-2015-6764
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code. La función BasicJsonStringifier::SerializeJSArray en json-stringifier.h en el stringifier JSON en Google V8, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, carga indebidamente elementos de un array, lo que permite a atacantes remotos causar una denegación de servicio (acceso a memoria fuera de rango) o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78209 http://www.securitytracker.com/id/1034298 https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •