3 matches found
OpenVPN -- server DOS and data leak in TLS handshake vulnerabilities
Gert Doering reports: Security fixes in 2.7.2 fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances CVE-2026-40215 fix server termination on receiving a suitably malformed packet with a valid tls-crypt-v2 key...
Sensitive Information in Resource Not Removed Before Reuse
Overview Affected versions of this package are vulnerable to Sensitive Information in Resource Not Removed Before Reuse in the Bolt protocol handshake. An attacker can obtain one byte of information from previous connections by sending crafted requests during the protocol negotiation phase. The...
openssl: Divide-and-conquer session key recovery in SSLv2
It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...