54 matches found
CVE-2024-48075
A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message...
PT-2024-32984 · Real Time Logic · Sharkssl
Name of the Vulnerable Software and Affected Versions: Real Time Logic SharkSSL versions 09.09.24 and earlier Description: A Heap buffer overflow in the server-site handshake implementation allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message...
CVE-2024-48075
A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message...
CVE-2024-48075
The CVE-2024-48075 issue concerns Real Time Logic SharkSSL. A heap buffer overflow occurs in the server-side handshake implementation for TLS, affecting SharkSSL versions 09.09.24 and earlier. The vulnerability can allow a remote attacker to trigger a Denial-of-Service via a malformed TLS Client ...
CVE-2024-48075
A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message...
gnutls: incomplete fix for CVE-2023-5981
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
gnutls: incomplete fix for CVE-2023-5981
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
OESA-2024-1091 gnutls security update
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...
The vulnerability of the transport-layer cryptographic library GnuTLS, related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect PKCS#1 additional fields, allows attackers to gain unauthorized access to protected information.
The vulnerability of the transport-layer cryptographic library GnuTLS is related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect PKCS1 additional fields. Exploiting this vulnerability could allow a remote...
gnutls: timing side-channel in the RSA-PSK authentication
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
PT-2024-11019 · Unknown · Contiki-Ng
Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS versions through 2018-08-30 Description: An issue was discovered where one incorrect handshake could complete with different epoch numbers in the packets Client Hello, Client key exchange, and Change cipher spec, which may...
UBUNTU-CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
PT-2024-1281
Name of the Vulnerable Software and Affected Versions GnuTLS affected versions not specified Description The issue is related to a difference in response time when handling RSA ciphertext in ClientKeyExchange messages with correct and incorrect PKCS1 padding. This could allow a remote attacker to...
gnutls: timing side-channel in the RSA-PSK authentication
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
Medium: gnutls
Issue Overview: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected. CVE-2023-5981 Affected Packages: gnutls Issue Correction:...
OESA-2023-1867 gnutls security update
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...
ALPINE-CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
AZL-32048 CVE-2023-5981 affecting package gnutls for versions less than 3.7.11-1
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
The vulnerability of the transport-layer cryptographic library GnuTLS, related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect PKCS#1 additional fields, allows a attacker to recover the decryption key for messages.
The vulnerability of the transport-layer cryptographic library GnuTLS is related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect additional PKCS1 fields. Exploiting this vulnerability could allow a malicious...
gnutls: timing side-channel in the TLS RSA key exchange code
A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send ...