Search criteria
8 vulnerabilities by yassl
CVE-2014-2900 (GCVE-0-2014-2900)
Vulnerability from cvelistv5 – Published: 2014-04-22 14:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html"
},
{
"name": "GLSA-201612-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-53"
},
{
"name": "[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/126"
},
{
"name": "66780",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66780"
},
{
"name": "[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/130"
},
{
"name": "57743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57743"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html"
},
{
"name": "GLSA-201612-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-53"
},
{
"name": "[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/126"
},
{
"name": "66780",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66780"
},
{
"name": "[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/130"
},
{
"name": "57743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57743"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html",
"refsource": "CONFIRM",
"url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html"
},
{
"name": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html",
"refsource": "CONFIRM",
"url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html"
},
{
"name": "GLSA-201612-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-53"
},
{
"name": "[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/126"
},
{
"name": "66780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66780"
},
{
"name": "[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/130"
},
{
"name": "57743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57743"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2900",
"datePublished": "2014-04-22T14:00:00",
"dateReserved": "2014-04-18T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2899 (GCVE-0-2014-2899)
Vulnerability from cvelistv5 – Published: 2014-04-22 14:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html"
},
{
"name": "GLSA-201612-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-53"
},
{
"name": "[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/126"
},
{
"name": "66780",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66780"
},
{
"name": "[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/130"
},
{
"name": "57743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57743"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html"
},
{
"name": "GLSA-201612-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-53"
},
{
"name": "[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/126"
},
{
"name": "66780",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66780"
},
{
"name": "[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/130"
},
{
"name": "57743",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57743"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html",
"refsource": "CONFIRM",
"url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html"
},
{
"name": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html",
"refsource": "CONFIRM",
"url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html"
},
{
"name": "GLSA-201612-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-53"
},
{
"name": "[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/126"
},
{
"name": "66780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66780"
},
{
"name": "[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/130"
},
{
"name": "57743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57743"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2899",
"datePublished": "2014-04-22T14:00:00",
"dateReserved": "2014-04-18T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1623 (GCVE-0-2013-1623)
Vulnerability from cvelistv5 – Published: 2013-02-08 19:00 – Updated: 2024-08-06 15:04
VLAI?
Summary
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:49.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yassl.com/yaSSL/Blog/Entries/2013/2/5_WolfSSL%2C_provider_of_CyaSSL_Embedded_SSL%2C_releases_first_embedded_TLS_and_DTLS_protocol_fix_for_Lucky_Thirteen_Attack.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yassl.com/yaSSL/Blog/Entries/2013/2/5_WolfSSL%2C_provider_of_CyaSSL_Embedded_SSL%2C_releases_first_embedded_TLS_and_DTLS_protocol_fix_for_Lucky_Thirteen_Attack.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
"refsource": "MISC",
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "http://www.yassl.com/yaSSL/Blog/Entries/2013/2/5_WolfSSL%2C_provider_of_CyaSSL_Embedded_SSL%2C_releases_first_embedded_TLS_and_DTLS_protocol_fix_for_Lucky_Thirteen_Attack.html",
"refsource": "CONFIRM",
"url": "http://www.yassl.com/yaSSL/Blog/Entries/2013/2/5_WolfSSL%2C_provider_of_CyaSSL_Embedded_SSL%2C_releases_first_embedded_TLS_and_DTLS_protocol_fix_for_Lucky_Thirteen_Attack.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1623",
"datePublished": "2013-02-08T19:00:00",
"dateReserved": "2013-02-05T00:00:00",
"dateUpdated": "2024-08-06T15:04:49.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1558 (GCVE-0-2012-1558)
Vulnerability from cvelistv5 – Published: 2012-03-12 19:00 – Updated: 2024-08-06 19:01
VLAI?
Summary
yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48634"
},
{
"name": "cyassl-x509-dos(74095)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74095"
},
{
"name": "52828",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52828"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48634"
},
{
"name": "cyassl-x509-dos(74095)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74095"
},
{
"name": "52828",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52828"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48634"
},
{
"name": "cyassl-x509-dos(74095)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74095"
},
{
"name": "52828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52828"
},
{
"name": "http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html",
"refsource": "CONFIRM",
"url": "http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1558",
"datePublished": "2012-03-12T19:00:00",
"dateReserved": "2012-03-12T00:00:00",
"dateUpdated": "2024-08-06T19:01:02.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2900 (GCVE-0-2011-2900)
Vulnerability from cvelistv5 – Published: 2011-08-05 21:00 – Updated: 2024-08-06 23:15
VLAI?
Summary
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-11823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html"
},
{
"name": "48980",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0"
},
{
"name": "45464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45464"
},
{
"name": "45902",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45902"
},
{
"name": "FEDORA-2011-11825",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html"
},
{
"name": "mongoose-put-bo(68991)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68991"
},
{
"name": "[oss-security] 20110803 CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/5"
},
{
"name": "8337",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8337"
},
{
"name": "FEDORA-2011-11636",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html"
},
{
"name": "[oss-security] 20110803 Re: CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2011-11823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html"
},
{
"name": "48980",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0"
},
{
"name": "45464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45464"
},
{
"name": "45902",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45902"
},
{
"name": "FEDORA-2011-11825",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html"
},
{
"name": "mongoose-put-bo(68991)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68991"
},
{
"name": "[oss-security] 20110803 CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/5"
},
{
"name": "8337",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8337"
},
{
"name": "FEDORA-2011-11636",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html"
},
{
"name": "[oss-security] 20110803 Re: CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2900",
"datePublished": "2011-08-05T21:00:00",
"dateReserved": "2011-07-27T00:00:00",
"dateUpdated": "2024-08-06T23:15:31.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0227 (GCVE-0-2008-0227)
Vulnerability from cvelistv5 – Published: 2008-01-10 23:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1478",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1478"
},
{
"name": "29443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29443"
},
{
"name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
},
{
"name": "28324",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28324"
},
{
"name": "3531",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3531"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "yassl-hashwithtransformupdate-dos(39433)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mysql.com/33814"
},
{
"name": "27140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27140"
},
{
"name": "28597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28597"
},
{
"name": "ADV-2008-0560",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0560/references"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "USN-588-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-588-1"
},
{
"name": "MDVSA-2008:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1478",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1478"
},
{
"name": "29443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29443"
},
{
"name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
},
{
"name": "28324",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28324"
},
{
"name": "3531",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3531"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "yassl-hashwithtransformupdate-dos(39433)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mysql.com/33814"
},
{
"name": "27140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27140"
},
{
"name": "28597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28597"
},
{
"name": "ADV-2008-0560",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0560/references"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "USN-588-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-588-1"
},
{
"name": "MDVSA-2008:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1478",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1478"
},
{
"name": "29443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29443"
},
{
"name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
},
{
"name": "28324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28324"
},
{
"name": "3531",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3531"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "yassl-hashwithtransformupdate-dos(39433)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39433"
},
{
"name": "http://bugs.mysql.com/33814",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/33814"
},
{
"name": "27140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27140"
},
{
"name": "28597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28597"
},
{
"name": "ADV-2008-0560",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0560/references"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "USN-588-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-588-1"
},
{
"name": "MDVSA-2008:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0227",
"datePublished": "2008-01-10T23:00:00",
"dateReserved": "2008-01-10T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0226 (GCVE-0-2008-0226)
Vulnerability from cvelistv5 – Published: 2008-01-10 23:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:35.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1478",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1478"
},
{
"name": "29443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29443"
},
{
"name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
},
{
"name": "28324",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28324"
},
{
"name": "3531",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3531"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mysql.com/33814"
},
{
"name": "27140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27140"
},
{
"name": "28597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28597"
},
{
"name": "ADV-2008-0560",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0560/references"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
},
{
"name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
},
{
"name": "28419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28419"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "USN-588-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-588-1"
},
{
"name": "MDVSA-2008:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
},
{
"name": "yassl-inputbufferoperator-bo(39431)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
},
{
"name": "yassl-processoldclienthello-bo(39429)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1478",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1478"
},
{
"name": "29443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29443"
},
{
"name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
},
{
"name": "28324",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28324"
},
{
"name": "3531",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3531"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mysql.com/33814"
},
{
"name": "27140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27140"
},
{
"name": "28597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28597"
},
{
"name": "ADV-2008-0560",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0560/references"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
},
{
"name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
},
{
"name": "28419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28419"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "USN-588-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-588-1"
},
{
"name": "MDVSA-2008:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
},
{
"name": "yassl-inputbufferoperator-bo(39431)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
},
{
"name": "yassl-processoldclienthello-bo(39429)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1478",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1478"
},
{
"name": "29443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29443"
},
{
"name": "20080104 Multiple vulnerabilities in yaSSL 1.7.5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
},
{
"name": "28324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28324"
},
{
"name": "3531",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3531"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "http://bugs.mysql.com/33814",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/33814"
},
{
"name": "27140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27140"
},
{
"name": "28597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28597"
},
{
"name": "ADV-2008-0560",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0560/references"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
},
{
"name": "20080104 Pre-auth buffer-overflow in mySQL through yaSSL",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
},
{
"name": "28419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28419"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "USN-588-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-588-1"
},
{
"name": "MDVSA-2008:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
},
{
"name": "yassl-inputbufferoperator-bo(39431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
},
{
"name": "yassl-processoldclienthello-bo(39429)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0226",
"datePublished": "2008-01-10T23:00:00",
"dateReserved": "2008-01-10T00:00:00",
"dateUpdated": "2024-08-07T07:39:35.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3731 (GCVE-0-2005-3731)
Vulnerability from cvelistv5 – Published: 2005-11-21 11:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yassl.com/release.html"
},
{
"name": "17619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17619"
},
{
"name": "15487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15487"
},
{
"name": "20831",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20831"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to \"certificate chain processing.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yassl.com/release.html"
},
{
"name": "17619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17619"
},
{
"name": "15487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15487"
},
{
"name": "20831",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20831"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to \"certificate chain processing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://yassl.com/release.html",
"refsource": "CONFIRM",
"url": "http://yassl.com/release.html"
},
{
"name": "17619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17619"
},
{
"name": "15487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15487"
},
{
"name": "20831",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20831"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3731",
"datePublished": "2005-11-21T11:00:00",
"dateReserved": "2005-11-21T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}