13 matches found
Astra Linux - уязвимость в mbedtls
In Mbed TLS versions prior to 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uninitialized stack memory was used to construct the TLS Finished message. This could potentially lead to authentication bypasses, such as replay attacks...
UBUNTU-CVE-2026-34582
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...
Improper Enforcement of Behavioral Workflow
Overview Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow in the TLS 1.3 implementation, which processes ApplicationData records before receiving the Finished message. An attacker can bypass certificate-based client authentication by omitting the...
CVE-2026-34582 Botan has a TLS 1.3 certificate authentication bypass
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...
EUVD-2026-19948
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...
CVE-2026-34582 Botan has a TLS 1.3 certificate authentication bypass
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...
CVE-2026-34582
Botan TLS 1.3 vulnerability (CVE-2026-34582) affects Botan prior to 3.11.1, where ApplicationData records could be processed before the TLS Finished message, allowing bypass of client authentication via certificates. Affected: Botan before 3.11.1. Mitigation: upgrade to Botan 3.11.1 or later (sec...
JLSEC-2025-187 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware ...
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays...
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
...
ALPINE-CVE-2025-27810
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays...
Microsoft Windows Cipher Suites For FalseStart MiTM Vulnerability (3155527)
This host is missing a security update according to Microsoft Security Advisory 3155527 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fortinet FortiOS Input Validation Vulnerability
Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. A security...
SOL16970 - TLS Finish Message vulnerability
The BIG-IP system does not verify every byte in the Finished message of a TLS handshake...