Lucene search
+L

54 matches found

Vulnrichment
Vulnrichment
added 2024/11/12 12:0 a.m.22 views

CVE-2024-48075

A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message...

5.4AI score0.00597EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.10 views

PT-2024-32984 · Real Time Logic · Sharkssl

Name of the Vulnerable Software and Affected Versions: Real Time Logic SharkSSL versions 09.09.24 and earlier Description: A Heap buffer overflow in the server-site handshake implementation allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message...

5.3CVSS7.2AI score0.00597EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/11/12 12:0 a.m.26 views

CVE-2024-48075

A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message...

0.00597EPSS
Exploits0References2
CVE
CVE
added 2024/11/12 12:0 a.m.56 views

CVE-2024-48075

The CVE-2024-48075 issue concerns Real Time Logic SharkSSL. A heap buffer overflow occurs in the server-side handshake implementation for TLS, affecting SharkSSL versions 09.09.24 and earlier. The vulnerability can allow a remote attacker to trigger a Denial-of-Service via a malformed TLS Client ...

5.3CVSS5.4AI score0.00597EPSS
Exploits0References2
OSV
OSV
added 2024/11/12 12:0 a.m.20 views

CVE-2024-48075

A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message...

5.3CVSS5.4AI score0.00597EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/03/05 3:22 p.m.3 views

gnutls: incomplete fix for CVE-2023-5981

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

7.5CVSS6.7AI score0.01614EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/01/31 8:50 a.m.4 views

gnutls: incomplete fix for CVE-2023-5981

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

7.5CVSS6.7AI score0.01614EPSS
Exploits1References6
OSV
OSV
added 2024/01/26 11:6 a.m.3 views

OESA-2024-1091 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

7.5CVSS6.6AI score0.01614EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/01/25 12:0 a.m.7 views

The vulnerability of the transport-layer cryptographic library GnuTLS, related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect PKCS#1 additional fields, allows attackers to gain unauthorized access to protected information.

The vulnerability of the transport-layer cryptographic library GnuTLS is related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect PKCS1 additional fields. Exploiting this vulnerability could allow a remote...

7.8CVSS6.7AI score0.01614EPSS
Exploits1References13Affected Software6
RedHat Linux
RedHat Linux
added 2024/01/22 1:42 p.m.6 views

gnutls: timing side-channel in the RSA-PSK authentication

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

5.9CVSS6.7AI score0.01257EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/22 12:0 a.m.4 views

PT-2024-11019 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS versions through 2018-08-30 Description: An issue was discovered where one incorrect handshake could complete with different epoch numbers in the packets Client Hello, Client key exchange, and Change cipher spec, which may...

9.8CVSS9.1AI score0.01181EPSS
Exploits0References8
OSV
OSV
added 2024/01/16 12:15 p.m.2 views

UBUNTU-CVE-2024-0553

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

7.5CVSS6.7AI score0.01614EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.5 views

PT-2024-1281

Name of the Vulnerable Software and Affected Versions GnuTLS affected versions not specified Description The issue is related to a difference in response time when handling RSA ciphertext in ClientKeyExchange messages with correct and incorrect PKCS1 padding. This could allow a remote attacker to...

7.8CVSS6.7AI score0.01614EPSS
Exploits1References126
RedHat Linux
RedHat Linux
added 2024/01/10 5:14 p.m.3 views

gnutls: timing side-channel in the RSA-PSK authentication

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

5.9CVSS6.7AI score0.01257EPSS
Exploits0References5
Amazon
Amazon
added 2024/01/08 12:0 a.m.4 views

Medium: gnutls

Issue Overview: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected. CVE-2023-5981 Affected Packages: gnutls Issue Correction:...

5.9CVSS6.7AI score0.01257EPSS
Exploits0
OSV
OSV
added 2023/12/01 11:6 a.m.4 views

OESA-2023-1867 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

5.9CVSS6.7AI score0.01257EPSS
Exploits0References2
OSV
OSV
added 2023/11/28 12:15 p.m.4 views

ALPINE-CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

5.9CVSS8.4AI score0.01257EPSS
Exploits0References1
OSV
OSV
added 2023/11/28 12:15 p.m.5 views

AZL-32048 CVE-2023-5981 affecting package gnutls for versions less than 3.7.11-1

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

5.9CVSS6.7AI score0.01257EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/10/22 12:0 a.m.7 views

The vulnerability of the transport-layer cryptographic library GnuTLS, related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect PKCS#1 additional fields, allows a attacker to recover the decryption key for messages.

The vulnerability of the transport-layer cryptographic library GnuTLS is related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect additional PKCS1 fields. Exploiting this vulnerability could allow a malicious...

7.4CVSS6.9AI score0.01403EPSS
Exploits1References14Affected Software7
RedHat Linux
RedHat Linux
added 2023/05/31 8:48 a.m.4 views

gnutls: timing side-channel in the TLS RSA key exchange code

A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send ...

7.4CVSS6.8AI score0.01403EPSS
Exploits1References4
Rows per page
Query Builder