232 matches found
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. wolfSSL CyaSSL contains security vulnerabilities; one of these vulnerabilities stems from a heap overflow in TLS 1.3 ECH parsing...
PT-2026-26349
Name of the Vulnerable Software and Affected Versions wolfSSL version 5.8.4 Description A flaw exists in wolfSSL 5.8.4’s Encrypted Client Hello ECH support. A specially crafted ECH configuration from a malicious TLS server can trigger a stack buffer overflow on the client side. This could...
CVE-2025-13476 Rakuten Viber uses broken or risky cryptographic Algorithm
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...
CVE-2025-13476 Rakuten Viber uses broken or risky cryptographic Algorithm
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...
GO-2026-4509 Fingerprint vulnerability in uTLS from GREASE ECH mismatch for Chrome parrots in github.com/refraction-networking/utls
Fingerprint vulnerability in uTLS from GREASE ECH mismatch for Chrome parrots in github.com/refraction-networking/utls...
DEBIAN-CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
UBUNTU-CVE-2026-27017
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-27017
CVE-2026-27017 affects the uTLS fork of crypto/tls ( Versions 1.6.0–1.8.0 ) with GREASE ECH, causing a fingerprint mismatch with Chrome due to inconsistent cipher-suite selection between the outer ClientHello and ECH. Specifically, uTLS hardcodes AES for the outer cipher suite while randomly sele...
CVE-2026-1584
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...
CVE-2026-24904
CVE-2026-24904 concerns TrustTunnel, an open‑source VPN protocol. The issue arises prior to version 0.9.115 where a rule-by-prefix bypass could occur: in tls_listener.rs, TlsListener::listen() peeks 1024 bytes and calls extract_client_random(...). If parse_tls_plaintext fails (e.g., fragmented/pa...
AZL-78933 CVE-2025-61730 affecting package golang 1.25.7-1
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...
openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling
A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC Quick UDP Internet Connections protocol. This vulnerability, occurring when the SSLCIPHERfind...
CVE-2025-15468
A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC Quick UDP Internet Connections protocol. This vulnerability, occurring when the SSLCIPHERfind...
MiracleLinux 4 : nss-3.36.0-9.AXS4 (AXSA:2018-3352:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3352:01 advisory. nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello CVE-2018-12384 Tenable has extracted the preceding description block directly...
OSV-2025-1049 Heap-buffer-overflow in unsigned char* std::__1::vector<unsigned char, std::__1::allocator<unsigned char
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=472222304 Crash type: Heap-buffer-overflow READ 1 Crash state: unsigned char std::1::vectorunsigned char, std::1::allocatorunsigned char pcpp::TLSECPointFormatExtension::getECPointFormatList...
CVE-2025-11936
Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...
EUVD-2025-198524
Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...
EUVD-2025-198525
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...