43 matches found
CVE-2026-42505
A flaw was found in the crypto/tls package in Go. Handshakes utilizing Encrypted Client Hello ECH could lead to de-anonymization by a passive network observer. This is due to the disclosure of pre-shared key identities within the unencrypted client hello, allowing an attacker to potentially link...
CVE-2026-15165
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...
CVE-2026-15165 Heap-based Buffer Overflow in Wireshark
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...
EUVD-2026-42412
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...
CVE-2026-42505
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...
CVE-2026-42505 Invoking Encrypted Client Hello privacy leak in crypto/tls
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...
EUVD-2026-42317
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...
CVE-2026-42505
CVE-2026-42505 describes a privacy leakage in handshakes using Encrypted Client Hello (ECH) , where a passive observer can de-anonymize connections due to disclosure of pre-shared key (PSK) identities in the unencrypted ClientHello. The vulnerability is documented across multiple sources (NVD, EU...
PT-2026-56592
Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.6 Description A crash in the TLS ECH decryptor allows a denial of service. Encrypted Client Hello ECH is a TLS extension that encrypts the Client Hello message to protect client privacy. Recommendations...
GO-2026-5856 Invoking Encrypted Client Hello privacy leak in crypto/tls
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...
PT-2026-56479
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Handshakes using Encrypted Client Hello ECH, a mechanism designed to encrypt the initial handshake of a TLS connection to protect client privacy, could be...
CVE-2026-5503
In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...
CVE-2026-3849
Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...
CVE-2026-3549
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...
Linux Distros Unpatched Vulnerability : CVE-2026-3849
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a...
Linux Distros Unpatched Vulnerability : CVE-2026-3549
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to an integer underflow in the ECH extension parsing logic when calculating a buffer length, leading to writing beyond the bounds of an allocated buffer. An attacker can cause memory corruption or...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the wcHpkeLabeledExtract function when processing an oversized ECH configuration. An attacker can cause a client crash or achieve remote code execution by sending a maliciously crafted ECH config from a TLS server...
EUVD-2026-13168
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...
EUVD-2026-13231
Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...