Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-4353

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-09 Jan, 2014 | 01:00
Updated At-06 Aug, 2024 | 16:38
Rejected At-
Credits

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:09 Jan, 2014 | 01:00
Updated At:06 Aug, 2024 | 16:38
Rejected At:
▼CVE Numbering Authority (CNA)

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.splunk.com/view/SP-CAAAMB3
x_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-2837
vendor-advisory
x_refsource_DEBIAN
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
x_refsource_CONFIRM
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
vendor-advisory
x_refsource_FEDORA
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2079-1
vendor-advisory
x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2014-0015.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html
vendor-advisory
x_refsource_SUSE
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=1049058
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0041.html
vendor-advisory
x_refsource_REDHAT
http://www.openssl.org/news/vulnerabilities.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.splunk.com/view/SP-CAAAMB3
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2014/dsa-2837
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Resource:
x_refsource_CONFIRM
Hyperlink: http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-2079-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0015.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1049058
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0041.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.openssl.org/news/vulnerabilities.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.splunk.com/view/SP-CAAAMB3
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2014/dsa-2837
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
x_refsource_CONFIRM
x_transferred
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-2079-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://rhn.redhat.com/errata/RHSA-2014-0015.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1049058
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2014-0041.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.openssl.org/news/vulnerabilities.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.splunk.com/view/SP-CAAAMB3
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-2837
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2079-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0015.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1049058
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0041.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.openssl.org/news/vulnerabilities.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:09 Jan, 2014 | 01:55
Updated At:11 Apr, 2025 | 00:51

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
OpenSSL
openssl
>>openssl>>1.0.1
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1a
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1b
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1c
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1d
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1e
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stablesecalert@redhat.com
N/A
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631secalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2014-0015.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2014-0041.htmlsecalert@redhat.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=isg400001841secalert@redhat.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=isg400001843secalert@redhat.com
N/A
http://www.debian.org/security/2014/dsa-2837secalert@redhat.com
N/A
http://www.openssl.org/news/vulnerabilities.htmlsecalert@redhat.com
Vendor Advisory
http://www.splunk.com/view/SP-CAAAMB3secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-2079-1secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1049058secalert@redhat.com
N/A
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stableaf854a3a-2127-422b-91ae-364da2661108
N/A
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2014-0015.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2014-0041.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=isg400001841af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=isg400001843af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2014/dsa-2837af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openssl.org/news/vulnerabilities.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.splunk.com/view/SP-CAAAMB3af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2079-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1049058af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0015.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0041.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-2837
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openssl.org/news/vulnerabilities.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.splunk.com/view/SP-CAAAMB3
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2079-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1049058
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0015.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0041.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-2837
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openssl.org/news/vulnerabilities.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.splunk.com/view/SP-CAAAMB3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2079-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1049058
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

606Records found
CVE-2017-11613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 56.61%
||
7 Day CHG~0.00%
Published-26 Jul, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3343
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.28% / 79.33%
||
7 Day CHG~0.00%
Published-10 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xrn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8652
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-16.37% / 94.70%
||
7 Day CHG~0.00%
Published-16 Feb, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.

Action-Not Available
Vendor-n/aDovecot
Product-dovecotn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18235
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.84%
||
7 Day CHG~0.00%
Published-15 Mar, 2018 | 19:00
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file.

Action-Not Available
Vendor-exempi_projectn/a
Product-exempin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7074
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.92%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15346
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 22.87%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-s12700s5700_firmwares6700_firmwares9700s7700s12700_firmwares1700_firmwareecns210_td_firmwares9700_firmwares7700_firmwareecns210_tds5700s6700s1700S12700, S1700,S3700,S5700,S6700,S7700, S9700, eCNS210_TD
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • ...
  • 11
  • 12
  • 13
  • Next
Details not found