869 matches found

EUVD
added 2026/04/02 3:31 p.m. | 4 views

EUVD-2026-18218

uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries...

CVSS 9.8 | AI score 6 | EPSS 0.49424
Exploits 1 | References 7
RedhatCVE
added 2026/03/26 3:12 p.m. | 9 views

CVE-2026-3849

Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...

CVSS 9.8 | AI score 6.2 | EPSS 0.00444
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 3:04 p.m. | 4 views

CVE-2026-3549

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

CVSS 9.8 | AI score 6 | EPSS 0.00487
Exploits 0 | References 1
OSV
added 2026/03/23 6:16 p.m. | 5 views

GO-2026-4793 Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik

Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik...

CVSS 8.3 | AI score 5.8 | EPSS 0.00405
Exploits 0 | References 5
SUSE CVE
added 2026/03/22 12:23 a.m. | 4 views

SUSE CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

CVSS 5.3 | AI score 5.9 | EPSS 0.00405
Exploits 0 | References 4
RedhatCVE
added 2026/03/20 4:09 p.m. | 4 views

CVE-2026-3230

A flaw was found in wolfSSL. A remote attacker could exploit a missing cryptographic step in the Transport Layer Security TLS 1.3 client HelloRetryRequest handshake logic. By sending a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension, an...

CVSS 2.7 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 2
EUVD
added 2026/03/20 3:43 p.m. | 5 views

EUVD-2026-13663

Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config...

CVSS 7.8 | AI score 5.8 | EPSS 0.00405
Exploits 0 | References 5
Github Security Blog
added 2026/03/20 3:43 p.m. | 10 views

Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config

Summary There is a potential vulnerability in Traefik's TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extraction may fail with an EOF and return an empty SNI. The TCP router then falls back to the...

CVSS 8.3 | AI score 5.8 | EPSS 0.00405
Exploits 0 | References 6 | Affected Software 3
Snyk
added 2026/03/20 12:43 p.m. | 4 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the SNI extraction when handling fragmented TLS ClientHello packets. An attacker can gain unauthorized access to services protected by mutual TLS by sending a fragmented ClientHello, causin...

CVSS 10 | AI score 5.8 | EPSS 0.00405
Exploits 0 | References 2
NVD
added 2026/03/20 11:18 a.m. | 5 views

CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

CVSS 8.3 | EPSS 0.00405
Exploits 0 | References 9
Cvelist
added 2026/03/20 10:01 a.m. | 23 views

CVE-2026-32305 Traefik mTLS bypass via fragmented ClientHello SNI extraction failure

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

CVSS 7.8 | EPSS 0.00405
Exploits 0 | References 4
ATTACKERKB
added 2026/03/20 10:01 a.m. | 4 views

CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

CVSS 7.8 | AI score 5.8 | EPSS 0.00405
Exploits 0 | References 5 | Affected Software 1
Tenable Nessus
added 2026/03/20 12:00 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-3549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing...

CVSS 9.8 | AI score 6 | EPSS 0.00487
Exploits 0 | References 3
Tenable Nessus
added 2026/03/20 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-3849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a...

CVSS 9.8 | AI score 6.2 | EPSS 0.00444
Exploits 0 | References 3
Snyk
added 2026/03/19 10:45 p.m. | 3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to an integer underflow in the ECH extension parsing logic when calculating a buffer length, leading to writing beyond the bounds of an allocated buffer. An attacker can cause memory corruption or...

CVSS 9.8 | AI score 6.4 | EPSS 0.00487
Exploits 0 | References 2
Snyk
added 2026/03/19 10:45 p.m. | 2 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the wcHpkeLabeledExtract function when processing an oversized ECH configuration. An attacker can cause a client crash or achieve remote code execution by sending a maliciously crafted ECH config from a TLS server...

CVSS 9.8 | AI score 6.4 | EPSS 0.00444
Exploits 0 | References 2
Snyk
added 2026/03/19 10:45 p.m. | 3 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step due to missing validation in the keyshare process during the TLS 1.3 HelloRetryRequest handshake. An attacker can compromise the confidentiality of encrypted communications by sending a crafted HelloRetryReque...

CVSS 2.7 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 2
EUVD
added 2026/03/19 9:30 p.m. | 8 views

EUVD-2026-13209

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

CVSS 2.1 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 2
EUVD
added 2026/03/19 9:30 p.m. | 11 views

EUVD-2026-13231

Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...

CVSS 6.9 | AI score 6.2 | EPSS 0.00444
Exploits 0 | References 2
EUVD
added 2026/03/19 9:30 p.m. | 9 views

EUVD-2026-13168

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

CVSS 8.3 | AI score 6 | EPSS 0.00487
Exploits 0 | References 2