9 matches found

RedHat Linux
added 2024/09/09 5:17 p.m. · 4 views

undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

CVSS 7.5 · AI score 5.7 · EPSS 0.03699
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 5:21 a.m. · 4 views

SUSE CVE-2015-1791

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or...

CVSS 6.8 · AI score 9.1 · EPSS 0.10249
Exploits: 0 · References: 18
ATTACKERKB
added 2022/08/31 6:15 p.m. · 2 views

CVE-2022-38153

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...

CVSS 5.9 · AI score 6.2 · EPSS 0.00568
Exploits: 2 · References: 8
OSV
added 2022/08/31 6:15 p.m. · 2 views

DEBIAN-CVE-2022-38153

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...

CVSS 5.9 · AI score 5.9 · EPSS 0.00568
Exploits: 2 · References: 1
CNNVD
added 2022/08/31 12:0 a.m. · 1 views

Wolfssl security vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for embedded systems developers from Wolfssl Inc. in the United States. A security vulnerability exists in Wolfssl versions prior to 5.5.0 that stems from the fact that a man-in-the-middle attacker or a malicious server can cras...

CVSS 5.9 · AI score 6.7 · EPSS 0.00568
Exploits: 2 · References: 8
Positive Technologies
added 2022/08/31 12:0 a.m. · 5 views

PT-2022-24245 · Wolfssl · Wolfssl

Name of the Vulnerable Software and Affected Versions: wolfSSL version 5.3.0
Description: An issue in wolfSSL allows man-in-the-middle attackers or a malicious server to crash TLS 1.2 clients during a handshake. This occurs when an attacker injects a large ticket more than 256 bytes into a...

CVSS 5.9 · AI score 5.5 · EPSS 0.00568
Exploits: 2 · References: 16
OSV
added 2015/06/12 7:59 p.m. · 2 views

DEBIAN-CVE-2015-1791

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or...

CVSS 6.8 · AI score 9.8 · EPSS 0.10249
Exploits: 0 · References: 1
CNVD
added 2015/06/07 12:0 a.m. · 2 views

OpenSSL 'ssl3_get_new_session_ticket()' memory misreference vulnerability

OpenSSL is an open source SSL implementation used to implement strong encryption for network communications. A two-time memory misreference error vulnerability in OpenSSL ssl3_get_new_session_ticket allows a remote server to return a specially crafted NewSessionTicket message to connect to a...

CVSS 6.8 · AI score 6.9 · EPSS 0.10249
Exploits: 0 · References: 1
OSV
added 2015/06/02 12:0 a.m. · 1 views

UBUNTU-CVE-2015-1791

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or...

CVSS 6.8 · AI score 7.2 · EPSS 0.10249
Exploits: 0 · References: 4