23 matches found
JLSEC-2026-520
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences...
Astra Linux - vulnerability in gnutls28
A flaw was discovered in gnutls. A use-after-free issue in the client’s sending of the keyshare extension may lead to memory corruption and other related issues...
Unity Linux 20.1060e / 20.1070e Security Update: gnutls (UTSA-2026-017626)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017626 advisory. A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. Tenable has extracted t...
EUVD-2026-13209
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension,...
CVE-2026-3230
wolfSSL’s TLS 1.3 client logic is affected by an improper key_share handling during HelloRetryRequest, allowing a crafted HelloRetryRequest followed by a ServerHello without the key_share extension to derive predictable traffic secrets from the (EC)DHE shared secret. Affected component: TLS hands...
PT-2026-26366
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key share extension,...
CVE-2025-11933
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...
EUVD-2025-198529
With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share...
CVE-2025-11933
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...
DEBIAN-CVE-2025-11935
With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share...
CVE-2025-11935
With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share...
PT-2025-47810
Name of the Vulnerable Software and Affected Versions: wolfSSL versions 5.8.2 and earlier. Description: A flaw exists in the processing of TLS 1.3 CKS extensions within wolfSSL. This improper input validation can be triggered by a specially crafted ClientHello message containing duplicate CKS...
EUVD-2023-44359
Malicious code in bioql PyPI...
CVE-2023-3724
...
AZL-27649 CVE-2023-3724 affecting package mariadb for versions less than 10.6.9-3.cm2
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when...
UBUNTU-CVE-2023-3724
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when...
CVE-2023-3724 TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when...
SUSE CVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences...
The vulnerability of the key_share extension in the Transport Layer Security library GnuTLS, related to the use of memory after its deallocation, allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the keyshare extension in the GnuTLS transport layer security library relates to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures...
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
...