8 matches found
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
CVE-2025-59530
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...
kernel: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
A use-after-free UAF vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket reqsk timers during handshake handling. This issue stems from a race condition caused by relying on timerpending in reqskqueueunlink. This could result in the timer continuing to r...
kernel: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
A use-after-free UAF vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket reqsk timers during handshake handling. This issue stems from a race condition caused by relying on timerpending in reqskqueueunlink. This could result in the timer continuing to r...
OESA-2024-1066 openssh security update
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \ capabilities, several authentication methods, and...
AZL-43762 CVE-2023-48795 affecting package trilead-ssh2 217.8-2
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
OpenJDK: improper connection handling during TLS handshake (8294474)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...
EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client
A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open denial of service...