GO-2026-4340 Handshake messages may be processed at the incorrect encryption level in crypto/tls
During the TLS 1.3 handshake, if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...
EUVD-2022-44896
Malicious code in bioql PyPI...
Panic on large handshake records in crypto/tls
...
RHEL 8 : OpenShift Virtualization 4.14.1 RPMs (RHSA-2023:7672)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7672 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...
BIT-GOLANG-2022-41724 Panic on large handshake records in crypto/tls
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...
CentOS 9 : toolbox-0.0.99.4-3.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.4-3.el9 build changelog. - Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause...
CentOS 9 : skopeo-1.12.0-3.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the skopeo-1.12.0-3.el9 build changelog. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...
CentOS 9 : runc-1.1.7-2.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the runc-1.1.7-2.el9 build changelog. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a...
RHCOS 4 : OpenShift Container Platform 4.13.1 (RHSA-2023:3303)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3303 advisory. - golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 Note that Nessus has not tested for this issue but has instead...
RHCOS 4 / 9 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3366 advisory. - golang: crash in a golang.org/x/crypto/ssh server CVE-2022-27191 - golang: path/filepath: path-filepath filepath.Clean path...
Oracle Linux 9 : skopeo (ELSA-2023-6363)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6363 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...
golang: crypto/tls: large handshake records may cause panics
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition...
RHEL 9 : runc (RHSA-2023:6380)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6380 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes:...
RHEL 9 : podman (RHSA-2023:6474)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6474 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...
RHEL 9 : buildah (RHSA-2023:6473)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6473 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...