Entrouvert : Security Vulnerabilities, CVEs, CVSS score >= 4
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
Max CVSS
7.5
EPSS Score
0.41%
Published
2021-06-04
Updated
2021-12-02
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.78%
Published
2017-08-11
Updated
2017-08-24
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Max CVSS
4.3
EPSS Score
0.36%
Published
2009-01-07
Updated
2018-10-11
3 vulnerabilities found