The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a “SMACK SKIP-TLS” issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | mono | < 3.2.8+dfsg-10 | mono_3.2.8+dfsg-10_all.deb |
Debian | 11 | all | mono | < 3.2.8+dfsg-10 | mono_3.2.8+dfsg-10_all.deb |
Debian | 10 | all | mono | < 3.2.8+dfsg-10 | mono_3.2.8+dfsg-10_all.deb |
Debian | 999 | all | mono | < 3.2.8+dfsg-10 | mono_3.2.8+dfsg-10_all.deb |
Debian | 13 | all | mono | < 3.2.8+dfsg-10 | mono_3.2.8+dfsg-10_all.deb |