Lucene search
K

4 matches found

exploitpack
exploitpack
added 2019/03/28 12:0 a.m.40 views

gnutls 3.6.6 - verify_crt() Use-After-Free

gnutls 3.6.6 - verifycrt Use-After-Free Description of problem: This is a critical memory corruption vulnerability in any API backed by verifycrt, including gnutlsx509trustlistverifycrt and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is likely...

7.4AI score
Exploits0
OSV
OSV
added 2015/12/06 8:59 p.m.2 views

DEBIAN-CVE-2015-3196

ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and double free via a crafted...

4.3CVSS8.9AI score0.12814EPSS
Exploits1References1
OSV
OSV
added 2015/06/02 12:0 a.m.3 views

UBUNTU-CVE-2015-1791

Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...

6.8CVSS7.2AI score0.15968EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/11 5:35 p.m.6 views

openssl: race condition in ssl_parse_serverhello_tlsext

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execut...

6.8CVSS6.9AI score0.13359EPSS
Exploits0References5
Rows per page
Query Builder