Lucene search
K

232 matches found

CNNVD
CNNVD
added 2026/03/19 12:0 a.m.6 views

wolfSSL(CyaSSL) 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. wolfSSL CyaSSL contains security vulnerabilities; one of these vulnerabilities stems from a heap overflow in TLS 1.3 ECH parsing...

9.8CVSS6AI score0.00487EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.6 views

PT-2026-26349

Name of the Vulnerable Software and Affected Versions wolfSSL version 5.8.4 Description A flaw exists in wolfSSL 5.8.4’s Encrypted Client Hello ECH support. A specially crafted ECH configuration from a malicious TLS server can trigger a stack buffer overflow on the client side. This could...

9.8CVSS6.6AI score0.00444EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/05 4:53 p.m.5 views

CVE-2025-13476 Rakuten Viber uses broken or risky cryptographic Algorithm

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...

5.8AI score0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 4:53 p.m.34 views

CVE-2025-13476 Rakuten Viber uses broken or risky cryptographic Algorithm

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...

0.00345EPSS
Exploits0References1
OSV
OSV
added 2026/02/24 11:10 p.m.4 views

GO-2026-4509 Fingerprint vulnerability in uTLS from GREASE ECH mismatch for Chrome parrots in github.com/refraction-networking/utls

Fingerprint vulnerability in uTLS from GREASE ECH mismatch for Chrome parrots in github.com/refraction-networking/utls...

5.3CVSS5.5AI score0.00154EPSS
Exploits0References3
OSV
OSV
added 2026/02/20 3:16 a.m.4 views

DEBIAN-CVE-2026-26994

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5CVSS5.3AI score0.00268EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/20 3:16 a.m.4 views

CVE-2026-26994

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5CVSS5.7AI score0.00268EPSS
Exploits0References5
OSV
OSV
added 2026/02/20 3:16 a.m.4 views

UBUNTU-CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

5.3CVSS5.8AI score0.00154EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/02/20 2:50 a.m.5 views

CVE-2026-26994

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5CVSS5.3AI score0.00268EPSS
Exploits0
CVE
CVE
added 2026/02/20 2:47 a.m.23 views

CVE-2026-27017

CVE-2026-27017 affects the uTLS fork of crypto/tls ( Versions 1.6.0–1.8.0 ) with GREASE ECH, causing a fingerprint mismatch with Chrome due to inconsistent cipher-suite selection between the outer ClientHello and ECH. Specifically, uTLS hardcodes AES for the outer cipher suite while randomly sele...

5.3CVSS5.5AI score0.00154EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/09 2:51 p.m.7 views

CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.2AI score0.01382EPSS
Exploits0References3
CVE
CVE
added 2026/01/29 9:19 p.m.26 views

CVE-2026-24904

CVE-2026-24904 concerns TrustTunnel, an open‑source VPN protocol. The issue arises prior to version 0.9.115 where a rule-by-prefix bypass could occur: in tls_listener.rs, TlsListener::listen() peeks 1024 bytes and calls extract_client_random(...). If parse_tls_plaintext fails (e.g., fragmented/pa...

5.3CVSS5.9AI score0.00257EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/01/28 8:16 p.m.4 views

AZL-78933 CVE-2025-61730 affecting package golang 1.25.7-1

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS6.6AI score0.00276EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/28 10:8 a.m.3 views

openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC Quick UDP Internet Connections protocol. This vulnerability, occurring when the SSLCIPHERfind...

5.9CVSS5.7AI score0.00748EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/27 3:51 p.m.4 views

CVE-2025-15468

A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC Quick UDP Internet Connections protocol. This vulnerability, occurring when the SSLCIPHERfind...

5.9CVSS5.7AI score0.00748EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 4 : nss-3.36.0-9.AXS4 (AXSA:2018-3352:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3352:01 advisory. nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello CVE-2018-12384 Tenable has extracted the preceding description block directly...

5.9CVSS6.2AI score0.01496EPSS
Exploits0References2
OSV
OSV
added 2025/12/31 12:18 a.m.6 views

OSV-2025-1049 Heap-buffer-overflow in unsigned char* std::__1::vector<unsigned char, std::__1::allocator<unsigned char

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=472222304 Crash type: Heap-buffer-overflow READ 1 Crash state: unsigned char std::1::vectorunsigned char, std::1::allocatorunsigned char pcpp::TLSECPointFormatExtension::getECPointFormatList...

5.4AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/22 10:31 p.m.5 views

CVE-2025-11936

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...

6.3CVSS7AI score0.004EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/22 12:31 a.m.5 views

EUVD-2025-198524

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...

6.3CVSS6.5AI score0.004EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/22 12:31 a.m.5 views

EUVD-2025-198525

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...

2.3CVSS6.4AI score0.00394EPSS
Exploits0References3
Rows per page
Query Builder