Dell Bsafe Crypto-C vulnerabilities

5 known vulnerabilities affecting dell/bsafe_crypto-c.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2019-3728HIGHCVSS 7.5≥ 6.0.0, ≤ 6.42019-09-30
CVE-2019-3728 [HIGH] CWE-125 CVE-2019-3728: RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, R RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA Crypto-C versions from 6.0.0 through 6.4.* are vulnerable to an out-of-bounds read vulnerability when processing DSA signature. A malicious remote user could
nvd
CVE-2018-11058CRITICALCVSS 9.8≥ 4.0.0, < 4.0.5.32018-09-14
CVE-2018-11058 [CRITICAL] CWE-125 CVE-2018-11058: RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), an RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.
nvd
CVE-2018-11056MEDIUMCVSS 6.5≥ 4.0.0, < 4.0.5.32018-08-31
CVE-2018-11056 [MEDIUM] CWE-400 CVE-2018-11056: RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition ver RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially caus
nvd
CVE-2015-0537CRITICALCVSS 9.8fixed in 4.0.42015-08-20
CVE-2015-0537 [CRITICAL] CVE-2015-0537: Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4 Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly hav
nvd
CVE-2006-3894MEDIUMCVSS 5.0≤ 6.32007-05-22
CVE-2006-3894 [MEDIUM] CVE-2006-3894: The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.
nvd