5 matches found
CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
UBUNTU-CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-26994 uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-26994 uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
PT-2025-54829
Name of the Vulnerable Software and Affected Versions utls versions prior to 1.7.0 Description The utls software did not implement the TLS 1.3 downgrade protection mechanism as specified in RFC 8446 Section 4.1.3 when a utls ClientHello specification was used. This allowed a network attacker to...