35 matches found
JLSEC-2026-252 Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported...
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
DEBIAN-CVE-2026-31931
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...
CVE-2026-31931 Suricata tls: null dereference in tls.alpn rule keyword
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...
EUVD-2026-13166
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVEALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...
CVE-2026-3547
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVEALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...
CVE-2026-3547
CVE-2026-3547 concerns wolfSSL before or including version 5.8.4, where an out-of-bounds read can occur in ALPN parsing due to incomplete validation when ALPN is enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list may trigger a crash, causing a denial of service. ALPN is disabled by...
PT-2026-26338
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVE ALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process cras...
nodejs: Nodejs denial of service
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
nodejs: Nodejs denial of service
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
nodejs: Nodejs denial of service
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
BIT-NODE-MIN-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-21637
CVE-2026-21637 is a Node.js TLS handling issue where synchronous exceptions in PSK/ALPN callbacks can bypass tlsClientError/error paths, causing process termination or FD leaks and potential DoS. Connected advisories (ALAS2023-2026-1404, ALAS2023-2026-1402, ALAS2023-2026-1403, CBLMARINER) confirm...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the TLS module when a TLS server is configured with pskCallback or ALPNCallback. A remote attacker can crash or exhaust resources of a TLS server by sending input that causes the callback to throw an error...
TencentOS Server 4: openssl (TSSA-2024:0289)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0289 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
ALPN negotiation error contains attacker controlled information in crypto/tls
...
AZL-78917 CVE-2025-58189 affecting package golang 1.25.7-1
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...