rpm package
suse/libpulp&distro=SUSE Linux Micro 6.0
pkg:rpm/suse/libpulp&distro=SUSE%20Linux%20Micro%206.0
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-4741 | Hig | 7.5 | < 0.3.5-1.1 | 0.3.5-1.1 | Nov 13, 2024 | Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of | |
| CVE-2024-6119 | Hig | 7.5 | < 0.3.5-1.1 | 0.3.5-1.1 | Sep 3, 2024 | Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can | |
| CVE-2024-5535 | Cri | 9.1 | < 0.3.5-1.1 | 0.3.5-1.1 | Jun 27, 2024 | Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected appl | |
| CVE-2024-4603 | Med | 5.3 | < 0.3.5-1.1 | 0.3.5-1.1 | May 16, 2024 | Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parame | |
| CVE-2024-2511 | Med | 5.9 | < 0.3.5-1.1 | 0.3.5-1.1 | Apr 8, 2024 | Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This prob |
- affected < 0.3.5-1.1fixed 0.3.5-1.1
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of
- affected < 0.3.5-1.1fixed 0.3.5-1.1
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can
- affected < 0.3.5-1.1fixed 0.3.5-1.1
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected appl
- affected < 0.3.5-1.1fixed 0.3.5-1.1
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parame
- affected < 0.3.5-1.1fixed 0.3.5-1.1
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This prob