Lucene search
+L

11 matches found

OSV
OSV
added 5 days ago5 views

JLSEC-2026-685 In function MatchDomainName(), input param str is treated as a NULL terminated string despite...

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

10CVSS6.1AI score0.0056EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

5.3CVSS5.6AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/10 12:30 a.m.6 views

EUVD-2026-21218

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

2.1CVSS6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 11:8 p.m.13 views

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read in the MatchDomainName function during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. An attacker can cause a crash by supplying a crafted hostname that exhausts the entire string, resulting ...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 10:16 p.m.15 views

DEBIAN-CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

5.3CVSS5.4AI score0.00228EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 10:16 p.m.3 views

CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

5.3CVSS6AI score0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 9:50 p.m.3 views

CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

2.1CVSS6AI score0.00228EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 9:50 p.m.28 views

CVE-2026-5772

The CVE-2026-5772 issue is a 1-byte stack buffer over-read in wolfSSL’s MatchDomainName (src/internal.c) when validating wildcards with LEFT_MOST_WILDCARD_ONLY; if a wildcard exhausts the hostname, one byte past the buffer is read without bounds checking, potentially crashing the process. Evidenc...

5.3CVSS6AI score0.00228EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/09 9:50 p.m.6 views

CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

5.3CVSS5.4AI score0.00228EPSS
Exploits0
CNNVD
CNNVD
added 2024/08/27 12:0 a.m.4 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. WolfSSL suffers from an out-of-bounds read vulnerability that stems from the failure to check user input in the MatchDomainName function, which can be...

10CVSS6.7AI score0.0056EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.5 views

PT-2024-6325 · Wolfssl +1 · Wolfssl +1

Name of the Vulnerable Software and Affected Versions: wolfSSL versions through 5.7.0 Description: The issue is related to the function MatchDomainName in the wolfSSL library, where the input parameter str is treated as a NULL terminated string despite being user-provided and unchecked. This can...

10CVSS7AI score0.0056EPSS
Exploits0References17
Rows per page
Query Builder