Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1522)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1522 advisory. Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword...

undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

AZL-42949 CVE-2024-2511 affecting package openssl for versions less than 1.1.1k-30

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in...

UBUNTU-CVE-2019-11727

A vulnerability exists where it possible to force Network Security Services NSS to sign CertificateVerify with PKCS1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerabilit...