5 matches found
CVE-2025-61730
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...
PT-2026-2490
Name of the Vulnerable Software and Affected Versions Go versions prior to 1.26 Release Candidate 3 Description The issue resides within the crypto/tls package, specifically during TLS session resumption. If the underlying Config object has its ClientCAs or RootCAs fields modified between the...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
golang: crypto/tls: session tickets lack random ticket_age_add
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption...