Search CVE reports


Toggle filters

1 – 3 of 3 results


CVE-2023-50781

Medium priority
Needs evaluation

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

1 affected package

m2crypto

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
m2crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-25657

Low priority
Needs evaluation

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this...

1 affected package

m2crypto

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
m2crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2009-0127

Medium priority
Ignored

** DISPUTED ** M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of...

1 affected package

m2crypto

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
m2crypto
Show less packages