105 matches found
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
CVE-2026-28387
CVE-2026-28387 is a vulnerability in the DANE client code of OpenSSL related to an uncommon TLSA record configuration that may cause a use-after-free or double-free on the client. Public advisories across multiple vendors confirm the issue and reference OpenSSL versions affected and available fix...
CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
Linux Distros Unpatched Vulnerability : CVE-2026-28387
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may...
UBUNTU-CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
OpenSSL 安全漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
OpenSSL Security Advisory 20260407
OpenSSL Security Advisory 20260407 - Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigge...
PT-2026-31036
Name of the Vulnerable Software and Affected Versions versions not specified Description An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side....
EUVD-2013-4352
Malware in sbrugna...
EUVD-2013-4335
Malware in sbrugna...
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-591)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-591 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios...
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-521)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-521 advisory. A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with...
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-463)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-463 advisory. A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext...
SUSE CVE-2013-4466
Buffer overflow in the danequerytlsa function in the DANE library libdane in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service memory corruption via a response with more than four DANE entries...
SUSE CVE-2013-4487
Off-by-one error in the danerawtlsa in the DANE library libdane in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service memory corruption via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466...
Cisco Email Security Appliance DNS Verification DoS (cisco-sa-esa-dos-MxZvGtgU)
According to its self-reported version, Cisco Email Security Appliance is affected by a vulnerability in the DNS-based Authentication of Named Entities DANE email verification component that allows an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected devic...
Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails
Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance ESA that could result in a denial-of-service DoS condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 CVSS...