Lucene search
K

43 matches found

RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-42505

A flaw was found in the crypto/tls package in Go. Handshakes utilizing Encrypted Client Hello ECH could lead to de-anonymization by a passive network observer. This is due to the disclosure of pre-shared key identities within the unencrypted client hello, allowing an attacker to potentially link...

5.3CVSS5.8AI score0.00419EPSS
Exploits0References7
NVD
NVD
added 6 days ago6 views

CVE-2026-15165

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS0.00133EPSS
Exploits1References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-15165 Heap-based Buffer Overflow in Wireshark

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS0.00133EPSS
Exploits1References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42412

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS5.9AI score0.00133EPSS
Exploits1References2
NVD
NVD
added 6 days ago9 views

CVE-2026-42505

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS0.00419EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago40 views

CVE-2026-42505 Invoking Encrypted Client Hello privacy leak in crypto/tls

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

0.00419EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42317

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS5.9AI score0.00419EPSS
Exploits0References4
CVE
CVE
added 6 days ago23 views

CVE-2026-42505

CVE-2026-42505 describes a privacy leakage in handshakes using Encrypted Client Hello (ECH) , where a passive observer can de-anonymize connections due to disclosure of pre-shared key (PSK) identities in the unencrypted ClientHello. The vulnerability is documented across multiple sources (NVD, EU...

5.3CVSS5.9AI score0.00419EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56592

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.6 Description A crash in the TLS ECH decryptor allows a denial of service. Encrypted Client Hello ECH is a TLS extension that encrypts the Client Hello message to protect client privacy. Recommendations...

7.5CVSS6.1AI score0.00133EPSS
Exploits1References4
OSV
OSV
added last week1 views

GO-2026-5856 Invoking Encrypted Client Hello privacy leak in crypto/tls

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS6.1AI score0.00419EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56479

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Handshakes using Encrypted Client Hello ECH, a mechanism designed to encrypt the initial handshake of a TLS connection to protect client privacy, could be...

5.3CVSS6.1AI score0.00419EPSS
Exploits0References28
UbuntuCve
UbuntuCve
added 2026/04/09 11:17 p.m.3 views

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS5.8AI score0.00393EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.11 views

CVE-2026-3849

Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...

9.8CVSS6.2AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2026-3549

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

9.8CVSS6AI score0.00487EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-3849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a...

9.8CVSS6.2AI score0.00444EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-3549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing...

9.8CVSS6AI score0.00487EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/19 10:45 p.m.3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to an integer underflow in the ECH extension parsing logic when calculating a buffer length, leading to writing beyond the bounds of an allocated buffer. An attacker can cause memory corruption or...

9.8CVSS6.4AI score0.00487EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/19 10:45 p.m.3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the wcHpkeLabeledExtract function when processing an oversized ECH configuration. An attacker can cause a client crash or achieve remote code execution by sending a maliciously crafted ECH config from a TLS server...

9.8CVSS6.4AI score0.00444EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 9:30 p.m.9 views

EUVD-2026-13168

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

8.3CVSS6AI score0.00487EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 9:30 p.m.11 views

EUVD-2026-13231

Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...

6.9CVSS6.2AI score0.00444EPSS
Exploits0References2
Rows per page
Query Builder