3 matches found
AZL-52910 CVE-2024-4741 affecting package hvloader for versions less than 1.0.1-6
Issue summary: Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...
AZL-47649 CVE-2024-2511 affecting package hvloader for versions less than 1.0.1-6
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in...
AZL-47700 CVE-2023-0466 affecting package hvloader for versions less than 1.0.1-6
The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...