Lucene search
K

10 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-11404

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mgtlsserverrecvhello, which uses an attacker-controlled sessionidlen byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthenticated...

8.7CVSS0.00441EPSS
Exploits0References4
CVE
CVE
added 6 days ago10 views

CVE-2026-11404

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthent...

8.7CVSS6.2AI score0.00441EPSS
Exploits0References4
OSV
OSV
added 6 days ago3 views

CVE-2026-11404 Cesanta Mongoose before 7.22 Out-of-Bounds Read in MG_TLS_BUILTIN ClientHello Session ID Parsing

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mgtlsserverrecvhello, which uses an attacker-controlled sessionidlen byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthenticated...

8.7CVSS6.2AI score0.00441EPSS
Exploits0References6
CNVD
CNVD
added 2024/08/21 12:0 a.m.7 views

AUO DIR-860L Buffer Overflow Vulnerability

The AUO DIR-860L is a wireless router from China's AUO that supports the Wi-Fi 5 standard and offers dual-band 2.4GHz and 5GHz network connectivity with a maximum transmission speed of up to 1200 Mbps.The device has a built-in antenna and comes with one USB 3.0 port and four Gigabit wired ports. ...

9.8CVSS7.9AI score0.15507EPSS
Exploits1References1
OSV
OSV
added 2023/05/25 1:58 p.m.9 views

CLSA-2023-1685023099 libssh: Fix of CVE-2021-3634

CVE-2021-3634: create a separate length for sessionid...

6.5CVSS6.7AI score0.04683EPSS
Exploits0References1
OSV
OSV
added 2020/07/22 12:0 a.m.11 views

OSV-2020-920 Heap-buffer-overflow in pcpp::SSLServerHelloMessage::getSessionIDLength

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22523 Crash type: Heap-buffer-overflow READ 1 Crash state: pcpp::SSLServerHelloMessage::getSessionIDLength pcpp::SSLServerHelloMessage::SSLServerHelloMessage pcpp::SSLHandshakeMessage::createHandhakeMessage...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/07/24 12:0 a.m.37 views

Oracle Linux 7 : gnutls (ELSA-2014-0684)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0684 advisory. 3.1.18-9 - fix session ID length check 1102027 - fixes null pointer dereference 1101727 Tenable has extracted the preceding description block directly...

6.8CVSS8.5AI score0.11221EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2014/06/30 5:28 p.m.2 views

gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)

A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the...

6.8CVSS7.8AI score0.11221EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2014/06/04 12:0 a.m.42 views

Oracle Linux 5 : gnutls (ELSA-2014-0594)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0594 advisory. 1.4.1-16 - added missing check for null pointer 1102355 1.4.1-15 - fix session ID length check and null pointer dereference 1102355 - fix minitasn1...

7.5CVSS7.3AI score0.11221EPSS
Exploits2References5
Oracle linux
Oracle linux
added 2014/06/03 12:0 a.m.72 views

gnutls security update

1.4.1-16 - added missing check for null pointer 1102355 1.4.1-15 - fix session ID length check and null pointer dereference 1102355 - fix minitasn1 issues 1102355 - Renamed gnutls-1.4.1-cve-2014-5138.patch to cve-2009-5138.patch...

7.5CVSS1.8AI score0.11221EPSS
Exploits2
Rows per page
Query Builder