Lucene search
K

232 matches found

Debian CVE
Debian CVE
added 2026/04/09 10:35 p.m.5 views

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS5.2AI score0.00393EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/09 10:35 p.m.12 views

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS5.2AI score0.00393EPSS
Exploits0
OSV
OSV
added 2026/04/09 6:16 p.m.3 views

ALPINE-CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.8AI score0.01382EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 6:0 p.m.25 views

CVE-2026-1584

The CVE-2026-1584 entry concerns gnutls. A remote, unauthenticated attacker can trigger a NULL pointer dereference during TLS via a crafted ClientHello that has an invalid PSK binder, causing a server crash and remote DoS. Connected documents confirm this vulnerability across multiple sources (NV...

7.5CVSS5.9AI score0.01382EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/09 6:0 p.m.4 views

CVE-2026-1584 Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.8AI score0.01382EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 6:0 p.m.22 views

CVE-2026-1584 Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS0.01382EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31816

Name of the Vulnerable Software and Affected Versions WolfSSL affected versions not specified Description The TLSX EchChangeSNI function incorrectly set extensions even when TLSX Find returned NULL. This allowed TLSX UseSNI to attach an attacker-controlled publicName to the shared WOLFSSL CTX whe...

9.1CVSS5.8AI score0.00393EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.9 views

CVE-2026-3849

Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...

9.8CVSS6.2AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2026-3549

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

9.8CVSS6AI score0.00487EPSS
Exploits0References1
OSV
OSV
added 2026/03/23 6:16 p.m.5 views

GO-2026-4793 Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik

Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik...

8.3CVSS5.8AI score0.00405EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/22 12:23 a.m.4 views

SUSE CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

5.3CVSS5.9AI score0.00405EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/20 3:43 p.m.5 views

EUVD-2026-13663

Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config...

7.8CVSS5.8AI score0.00405EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/20 3:43 p.m.10 views

Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config

Summary There is a potential vulnerability in Traefik's TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extraction may fail with an EOF and return an empty SNI. The TCP router then falls back to the...

8.3CVSS5.8AI score0.00405EPSS
Exploits0References6Affected Software3
Snyk
Snyk
added 2026/03/20 12:43 p.m.4 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the SNI extraction when handling fragmented TLS ClientHello packets. An attacker can gain unauthorized access to services protected by mutual TLS by sending a fragmented ClientHello, causin...

10CVSS5.8AI score0.00405EPSS
Exploits0References2
NVD
NVD
added 2026/03/20 11:18 a.m.5 views

CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

8.3CVSS0.00405EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/20 10:1 a.m.23 views

CVE-2026-32305 Traefik mTLS bypass via fragmented ClientHello SNI extraction failure

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

7.8CVSS0.00405EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:1 a.m.4 views

CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

7.8CVSS5.8AI score0.00405EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-3549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing...

9.8CVSS6AI score0.00487EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-3849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a...

9.8CVSS6.2AI score0.00444EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/19 10:45 p.m.3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to an integer underflow in the ECH extension parsing logic when calculating a buffer length, leading to writing beyond the bounds of an allocated buffer. An attacker can cause memory corruption or...

9.8CVSS6.4AI score0.00487EPSS
Exploits0References2
Rows per page
Query Builder