4418 matches found
EUVD-2026-39575
TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...
EUVD-2026-39576
Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...
CVE-2026-55962
TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...
CVE-2026-11703
Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...
CVE-2026-11703 Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption
Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...
CVE-2026-55962
CVE-2026-55962 (WolfSSL) : TLS 1.3 post-handshake authentication could allow a server to accept a client’s Finished message without a Certificate and CertificateVerify if a post-handshake CertificateRequest was outstanding. The fix scopes the check to the initial handshake: after certReqCtx is se...
CVE-2026-55962 TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify
TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...
DEBIAN-CVE-2026-55958
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...
CVE-2026-55958 Renesas TSIP TLS 1.3 transcript buffer out-of-bounds write in tsip_StoreMessage
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...
CVE-2026-55958
The CVE-2026-55958 issue is a buffer overrun in Renesas TSIP TLS 1.3 transcript handling. In tsip_StoreMessage(), a capacity check for the fixed MSGBAG_SIZE (8 KB) sets an error but does not return, allowing an XMEMCPY to overwrite past the end once the TLS handshake transcript exceeds MSGBAGE_SI...
EUVD-2026-39546
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...
CVE-2026-55958
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...
CVE-2026-55958
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...
gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
EUVD-2026-39272
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending but never calls skacceptqremoved. This leaves skackbacklog incremente...
CVE-2026-53181
The CVE describes a Linux kernel issue in vsock/vmci where on failed handshake vmci_transport_recv_listen() could skip balancing sk_acceptq_added/removed, leaving sk_ack_backlog incremented and potentially causing ECONNREFUSED for new connections once the backlog limit is reached. Concrete detail...
CVE-2026-53181
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending but never calls skacceptqremoved. This leaves skackbacklog incremente...
PT-2026-52571
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An out-of-bounds write exists in the Renesas TSIP TLS 1.3 transcript buffer. In the tsip StoreMessage function, a capacity check for the fixed message bag MSGBAG SIZE sets an error code but...
CVE-2026-52814
CVE-2026-52814 affects Gogs’ built-in Go SSH server, where unauthenticated clients can stall the SSH handshake to exhaust file descriptors, spawning unbounded goroutines and causing FD exhaustion that disrupts SSH access. Connected advisories (GHSA-XP79-5MX3-JX52) confirm the vulnerability detail...
CVE-2026-52814 Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...