Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-6937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL prior to 5.6.6 did not check that messages in one DTLS record do not span key boundaries. As a result, it was possible to combine DTLS messages using...

5.3CVSS5.7AI score0.00513EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.12 views

Azure Linux 3.0 Security Update: mariadb (CVE-2023-6937)

The version of mariadb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6937 advisory. - wolfSSL prior to 5.6.6 did not check that messages in one DTLS record do not span key boundaries. As a resul...

5.3CVSS5.7AI score0.00513EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/12/13 12:0 a.m.10 views

CBL Mariner 2.0 Security Update: mariadb (CVE-2023-6937)

The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6937 advisory. - wolfSSL prior to 5.6.6 did not check that messages in one DTLS record do not span key boundaries. As a resul...

5.3CVSS5.7AI score0.00513EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/15 5:21 p.m.19 views

CVE-2023-6937 Improper (D)TLS key boundary enforcement

wolfSSL prior to 5.6.6 did not check that messages in one DTLS record do not span key boundaries. As a result, it was possible to combine DTLS messages using different keys into one DTLS record. The most extreme edge case is that, in DTLS 1.3, it was possible that an unencrypted DTLS 1.3 record...

5.3CVSS7.2AI score0.00513EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/15 5:21 p.m.23 views

CVE-2023-6937 Improper (D)TLS key boundary enforcement

wolfSSL prior to 5.6.6 did not check that messages in one DTLS record do not span key boundaries. As a result, it was possible to combine DTLS messages using different keys into one DTLS record. The most extreme edge case is that, in DTLS 1.3, it was possible that an unencrypted DTLS 1.3 record...

5.3CVSS5.5AI score0.00513EPSS
Exploits0References2
CVE
CVE
added 2024/02/15 5:21 p.m.56 views

CVE-2023-6937

Summary: CVE-2023-6937 affects wolfSSL prior to 5.6.6, where messages within a single (D)TLS record were not checked for crossing key boundaries. This allows combining messages encrypted under different keys into one record, with a notable edge case in (D)TLS 1.3 where an unencrypted server fligh...

5.3CVSS5.2AI score0.00513EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder