PT-2024-15131 · Wolfssl +1 · Wolfssl +1
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.6.6 Description: The issue arises from the failure to check that messages in one DTLS record do not span key boundaries, allowing the combination of DTLS messages using different keys into one DTLS record. In the...
PT-2023-35667 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue is identified, potentially causing a crash. The crash occurs in the processClientServerHello and processTLSBlock...
PT-2023-35669 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 2 crash has been reported. The crash occurs in the processClientServerHello function, specifically in the process tls and fuz...
SUSE CVE-2014-3466
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message...
SUSE CVE-2014-5139
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite...
GO-2023-1535 Panic during unmarshal of Server Hello in github.com/pion/dtls/v2
Unmarshalling a Server Hello can panic, which could allow a denial of service...
Denial Of Service (DoS)
github.com/pion/dtls is vulnerable to Denial of Service (DoS). The vulnerability exists in the Unmarshal function due to an out-of-bounds read via the server hello response, which can result in an application crash...
UBUNTU-CVE-2021-36082
ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello...
picotls/fuzz-server-hello: Heap-buffer-overflow in ptls_set_negotiated_protocol
Project: https://github.com/h2o/picotls.git Detailed report: https://oss-fuzz.com/testcase?key=5123788977471488 Project: picotls Fuzzer: libFuzzer_picotls_fuzz-server-hello Fuzz target binary: fuzz-server-hello Job Type: libfuzzer_asan_picotls Platform Id: linux Crash Type: Heap-buffer-overflow READ...
A vulnerability in the VLC Media Player software allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
A buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS allows remote servers to cause a denial of service (memory corruption) or execute arbitrary code via a long session identifier in the ServerHello message...
A vulnerability in the OpenSSL software allows an attacker to compromise the availability of protected information.
The vulnerability in the ssl_set_client_disabled function in t1_lib.c of OpenSSL allows remote SSL servers to cause a denial of service (NULL pointer dereference and abnormal termination of the client application) via a ServerHello message. This message includes an SRP cipher suite without...
A vulnerability in the OpenSSL library that allows attackers to carry out attacks aimed at reducing the security of encryption algorithms
The vulnerability of the OpenSSL library is related to errors in cryptographic transformations. Exploiting this vulnerability allows a malicious actor, operating remotely and having access to the data transmission channel, to carry out attacks aimed at reducing the resilience of encryption...
TLS protocol man-in-the-middle attack vulnerability
TLS (Transport Layer Security) is a set of protocols used to provide confidentiality and data integrity between two communicating applications. A security vulnerability exists in the TLS protocol version 1.2 and earlier. When the server enabled the DHE_EXPORT cipher suite, the program failed to...
CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then...
OpenSSL TLS Missing SRP Extension Denial of Service (CVE-2014-5139)
A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an issue while parsing Server Hello messages with a specific cipher suite and extension. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to a target...
openssl: DoS when sending invalid DTLS handshake
A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash...
openssl: race condition in ssl_parse_serverhello_tlsext
A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execut...
DEBIAN-CVE-2014-5139
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite...
openssl security update
1.0.1e-34.4
- fix CVE-2014-3505 - doublefree in DTLS packet processing
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
- fix CVE-2014-3507 - avoid memory leak in DTLS
- fix CVE-2014-3508 - fix OID handling to avoid information leak
- fix CVE-2014-3509 - fix race condition when parsing serve...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2308-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2308-1 advisory. Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL ...