CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0CVE-2016-2178 – openssl: Non-constant time codepath followed for certain operations in DSA implementation
https://notcve.org/view.php?id=CVE-2016-2178
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. La función dsa_sign_setup en crypto/dsa/dsa_ossl.c en OpenSSL hasta la versión 1.0.2h no asegura correctamente la utilización de operaciones de tiempo constante, lo que facilita a usuarios locales descubrir una clave privada DSA a través de un ataque de sincronización de canal lateral. It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. • http://eprint.iacr.org/2016/594.pdf http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org& • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •
CVSS: 9.3EPSS: 3%CPEs: 13EXPL: 0CVE-2016-1669 – V8: integer overflow leading to buffer overflow in Zone::New
https://notcve.org/view.php?id=CVE-2016-1669
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. La función Zone::New en zone.cc en Google V8 en versiones anteriores a 5.0.71.47, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.102, no determina correctamente cuándo expandir ciertas asignaciones de memoria, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado. An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html http://rhn.redhat.com/errata/RHSA-2016-1080.html http://rhn.redhat.com/errata/RHSA-2017-0002.html http://www.debian.org/security/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •