Lucene search
K

19 matches found

Vulnrichment
Vulnrichment
added 2026/06/10 12:25 a.m.11 views

CVE-2026-45541 ESF-IDF: Remote Null Pointer Dereference in WebSocket Server

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esphttpserver component. While parsing the client-supplied Sec-WebSocket-Protocol request...

7.5CVSS5.4AI score0.00439EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/03 1:17 p.m.9 views

CVE-2026-44546 Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

3.7CVSS5.8AI score0.00172EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/26 7:4 a.m.39 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.8AI score0.00805EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/26 6:51 a.m.37 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.8AI score0.00805EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/26 6:40 a.m.22 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.8AI score0.00805EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 11:15 a.m.15 views

CLSA-2026-1778238329 gnutls: Fix of CVE-2026-33845

CVE-2026-33845: fix DTLS handshake parsing integer underflow leading to OOB read...

9.1CVSS5.8AI score0.00805EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/30 5:41 p.m.58 views

CVE-2026-33845 Gnutls: gnutls: denial of service via dtls zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

7.5CVSS0.00805EPSS
Exploits0References18
ATTACKERKB
ATTACKERKB
added 2026/04/30 5:41 p.m.8 views

CVE-2026-33845

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.2AI score0.00805EPSS
Exploits0References19
CVE
CVE
added 2026/04/30 5:41 p.m.130 views

CVE-2026-33845

The CVE-2026-33845 issue is a GnuTLS DTLS handshake parsing flaw that can trigger an integer underflow during reassembly of malformed DTLS fragments (zero length, non-zero offset), causing an out-of-bounds read. Connected OSV entries indicate affected packages such as rootio-gnutls28 in Root:Debi...

9.1CVSS5.2AI score0.00805EPSS
Exploits0References19Affected Software3
Snyk
Snyk
added 2026/04/30 5:28 p.m.3 views

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound via the DTLS handshake parsing process. An attacker can cause an out-of-bounds read and potentially disclose sensitive memory or crash the application by sending specially crafted DTLS handshake...

9.1CVSS5.8AI score0.00805EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.5 views

PT-2026-36149

Name of the Vulnerable Software and Affected Versions GnuTLS affected versions not specified Description A flaw in DTLS handshake parsing allows malformed fragments with zero length and non-zero offset to cause an integer underflow during reassembly. This leads to an out-of-bounds read, which is...

9.1CVSS5.8AI score0.00805EPSS
Exploits1References118
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.6 views

CVE-2025-62603

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also on going security-control traffic after the handshake, such as...

7.5CVSS5.5AI score0.00501EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : rh-mysql56-mysql-5.6.37-5.AXS4 (AXSA:2017-2302:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2302:01 advisory. An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote...

7.8CVSS7.5AI score0.89924EPSS
Exploits17References38
Positive Technologies
Positive Technologies
added 2022/11/12 12:0 a.m.3 views

PT-2022-36765 · Git +1 · Suricata

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a use-of-uninitialized-value error. The crash occurs in the TLSDecodeHandshakeHello function, which is part of...

6.8AI score
Exploits0References2
OSV
OSV
added 2019/07/29 10:15 p.m.3 views

CVE-2019-14431

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...

9.8CVSS7.5AI score0.03632EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/07/29 12:0 a.m.4 views

PT-2019-13692 · Matrixssl · Matrixssl

Name of the Vulnerable Software and Affected Versions: MatrixSSL versions 3.8.3 Open through 4.2.1 Open Description: The issue arises from the DTLS server's mishandling of incoming network messages, leading to a heap-based buffer overflow of up to 256 bytes. This can result in possible Remote Cod...

9.8CVSS8.8AI score0.03632EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2017/10/12 7:53 a.m.6 views

mysql: integer underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017)

An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon...

7.8CVSS7.6AI score0.89924EPSS
Exploits7References6
RedHat Linux
RedHat Linux
added 2017/09/21 7:42 a.m.8 views

mysql: integer underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017)

An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon...

7.8CVSS7.6AI score0.89924EPSS
Exploits7References6
securityvulns
securityvulns
added 2007/06/13 12:0 a.m.42 views

Microsoft Windows Secure Channle DoS

Service hangs on SSL/TLS handshake parsing...

9.3CVSS2.9AI score0.12544EPSS
Exploits0References2
Rows per page
Query Builder