4 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-6937
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL prior to 5.6.6 did not check that messages in one DTLS record do not span key boundaries. As a result, it was possible to combine DTLS messages using...
Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM
Summary PowerKVM is affected by numerous vulnerabilities in OpenSSL. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer arithmetic for heap-buffer boundary checks...
OpenSSL 'dtls1_get_record()' function null pointer denial of service vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A null pointer denial of service vulnerability exists in the OpenSSL 'dtls1getrecord' function, which could be exploited by an attack...
Design/Logic Flaw
The dtls1bufferrecord function in ssl/d1pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service memory consumption via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."...