56 matches found

OSV
added 2023/12/14 8:15 p.m. · 0 views

UBUNTU-CVE-2023-49786

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when...

CVSS 7.5 · AI score 5.8 · EPSS 0.00077
Exploits: 2 · References: 2

Prion
added 2023/09/27 6:15 p.m. · 16 views

Race condition

A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an...

CVSS 5 · AI score 8.2 · EPSS 0.00123
Exploits: 0 · References: 1 · Affected Software: 5

Cisco
added 2023/09/27 4:0 p.m. · 38 views

Cisco Catalyst 9100 Access Points Denial of Service Vulnerability

A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an...

CVSS 5.8 · AI score 8.5 · EPSS 0.00123
Exploits: 0 · References: 1

OSV
added 2023/02/28 2:55 a.m. · 1 views

USN-5897-1 openjdk-17, openjdk-19, openjdk-lts vulnerabilities

Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. CVE-2023-218...

CVSS 5.3 · AI score 6.8 · EPSS 0.0011
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:24 a.m. · 1 views

SUSE CVE-2022-35409

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...

CVSS 9.1 · AI score 8.7 · EPSS 0.02049
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 3:22 a.m. · 1 views

SUSE CVE-2022-46393

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX...

CVSS 9.8 · AI score 9.6 · EPSS 0.00925
Exploits: 0 · References: 4

RedHat Linux
added 2023/01/18 10:34 a.m. · 2 views

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

CVSS 5.3 · AI score 7.3 · EPSS 0.00053
Exploits: 0 · References: 4

OSV
added 2022/12/15 11:15 p.m. · 1 views

DEBIAN-CVE-2022-46393

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX...

CVSS 9.8 · AI score 8.9 · EPSS 0.00925
Exploits: 0 · References: 1

Positive Technologies
added 2022/07/15 12:0 a.m. · 2 views

PT-2022-22810 · Mbed Tls +3 · Mbed Tls +3

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 2.28.1; Mbed TLS versions 3.x prior to 3.2.0. Description: An issue was discovered in Mbed TLS where an unauthenticated attacker can send an invalid ClientHello message to a DTLS server, causing a heap-based buffer...

CVSS 9.8 · AI score 6.8 · EPSS 0.02049
Exploits: 6 · References: 97

OSV
added 2022/05/21 12:15 a.m. · 2 views

DEBIAN-CVE-2022-29222

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't possess the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection...

CVSS 7.5 · AI score 7.3 · EPSS 0.00301
Exploits: 0 · References: 1

Positive Technologies
added 2022/05/21 12:0 a.m. · 2 views

PT-2022-19474

Name of the Vulnerable Software and Affected Versions: Pion DTLS versions prior to 2.1.5. Description: The issue affects users that are using Client certificates only. A DTLS Client could provide a Certificate that it doesn't possess the private key for, and Pion DTLS wouldn't reject it. The...

CVSS 7.5 · AI score 5.4 · EPSS 0.00301
Exploits: 0 · References: 18

Tenable Nessus
added 2022/04/28 12:0 a.m. · 30 views

Cisco Adaptive Security Appliance Software AnyConnect SSL VPN DoS (cisco-sa-vpndtls-dos-TunzLEV)

According to its self-reported version, Cisco ASA Software is affected by a vulnerability in the implementation of the Datagram TLS (DTLS) protocol that could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition. This vulnerability ...

CVSS 7.5 · AI score 7.3 · EPSS 0.00433
Exploits: 0 · References: 3

OSV
added 2022/04/21 7:15 p.m. · 0 views

CVE-2022-20795

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

ATTACKERKB
added 2022/04/20 4:0 p.m. · 1 views

CVE-2022-20795

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition...

CVSS 7.5 · AI score 7.2 · EPSS 0.00433
Exploits: 0 · References: 2

Positive Technologies
added 2021/11/02 12:0 a.m. · 2 views

PT-2021-7020 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software, affected versions not specified; Cisco Firepower Threat Defense (FTD) Software, affected versions not specified. Description: A vulnerability in the implementation of the Datagram TLS (DTLS) protocol...

CVSS 7.5 · AI score 7.4 · EPSS 0.00433
Exploits: 0 · References: 9

Positive Technologies
added 2021/10/27 12:0 a.m. · 0 views

PT-2021-4604 · Cisco · Cisco Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software, affected versions not specified. Description: A vulnerability in the software-based SSL/TLS message handler could allow an unauthenticated, remote attacke...

CVSS 8.6 · AI score 7.3 · EPSS 0.00772
Exploits: 0 · References: 8

RedHat Linux
added 2016/12/15 10:11 p.m. · 2 views

OpenSSL: Invalid free in DTLS

An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution...

CVSS 7.5 · AI score 7.1 · EPSS 0.21559
Exploits: 1 · References: 4

RedHat Linux
added 2016/09/27 1:46 p.m. · 1 views

openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer

It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory...

CVSS 7.5 · AI score 7.2 · EPSS 0.18101
Exploits: 1 · References: 5

RedHat Linux
added 2016/09/27 1:46 p.m. · 4 views

openssl: DTLS replay protection bypass allows DoS against DTLS connection

A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL reject further packets sent from a DTLS client over an established DTLS connection...

CVSS 7.5 · AI score 7.2 · EPSS 0.24266
Exploits: 1 · References: 5

OSV
added 2016/09/16 5:59 a.m. · 1 views

ALPINE-CVE-2016-2181

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to reclayerd1...

CVSS 7.5 · AI score 6.8 · EPSS 0.24266
Exploits: 1 · References: 1