282 matches found
nodejs: Nodejs denial of service
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
nodejs: Nodejs denial of service
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
nodejs: Nodejs denial of service
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
nodejs: Nodejs denial of service
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
BIT-NODE-MIN-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
AZL-75080 CVE-2026-21637 affecting package nodejs for versions less than 20.14.0-13
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-21637
CVE-2026-21637 is a Node.js TLS handling issue where synchronous exceptions in PSK/ALPN callbacks can bypass tlsClientError/error paths, causing process termination or FD leaks and potential DoS. Connected advisories (ALAS2023-2026-1404, ALAS2023-2026-1402, ALAS2023-2026-1403, CBLMARINER) confirm...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the TLS module when a TLS server is configured with pskCallback or ALPNCallback. A remote attacker can crash or exhaust resources of a TLS server by sending input that causes the callback to throw an error...
Node.js: TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak
A flaw was discovered in Node.js TLS error handling that allowed remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback were in use. Synchronous exceptions thrown during these callbacks bypassed standard TLS error handling paths, causing either immediate...
BIT-NGINX-GATEWAY-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
TencentOS Server 4: openssl (TSSA-2024:0289)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0289 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
BIT-GOLANG-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
ALPN negotiation error contains attacker controlled information in crypto/tls
...