Lucene search
K

60 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-7531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a...

9.8CVSS6AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 8:17 p.m.4 views

UBUNTU-CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.8AI score0.00346EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 8:1 p.m.22 views

CVE-2026-7531 Use-after-free in PQC hybrid key-share handling

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

2.3CVSS0.00346EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 8:1 p.m.4 views

EUVD-2026-39554

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 8:1 p.m.20 views

CVE-2026-7531

CVE-2026-7531 describes a use-after-free in the handling of PQC hybrid key-shares for TLS 1.3. The issue occurs when a malicious server sends a truncated PQC hybrid KeyShare, which can trigger the error cleanup path to operate on freed memory. Documents consistently label this as an incomplete fi...

9.8CVSS5.9AI score0.00346EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:1 p.m.8 views

CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.8AI score0.00346EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52577

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.9AI score0.00346EPSS
Exploits0References5
OSV
OSV
added 2026/05/26 2:17 p.m.9 views

JLSEC-2026-520

A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences...

9.8CVSS6.7AI score0.03751EPSS
Exploits1References24
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.9 views

PT-2026-47002

A flaw was found in gnutls. A use after free issue in client sending key share extension may lead to memory corruption and other consequences...

5.5AI score
Exploits0References13
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in gnutls28

A flaw was discovered in gnutls. A use-after-free issue in the client’s sending of the keyshare extension may lead to memory corruption and other related issues...

9.8CVSS6.7AI score0.03751EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.12 views

Unity Linux 20.1060e / 20.1070e Security Update: gnutls (UTSA-2026-017626)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017626 advisory. A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences. Tenable has extracted t...

9.8CVSS6.5AI score0.03751EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/10 1:0 a.m.14 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the error handling path of the TLSXKeyShareProcessPqcHybridClient process. An attacker can cause memory corruption or potentially execute arbitrary code by triggering an error during post-quantum cryptography hybrid...

6.5CVSS6.2AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.11 views

PT-2026-31828

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A heap use-after-free issue exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. Specifically, within the TLSX KeyShare ProcessPqcHybridClient function in...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/03/20 4:9 p.m.4 views

CVE-2026-3230

A flaw was found in wolfSSL. A remote attacker could exploit a missing cryptographic step in the Transport Layer Security TLS 1.3 client HelloRetryRequest handshake logic. By sending a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension, an...

2.7CVSS5.8AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/19 10:45 p.m.4 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step due to missing validation in the keyshare process during the TLS 1.3 HelloRetryRequest handshake. An attacker can compromise the confidentiality of encrypted communications by sending a crafted HelloRetryReque...

2.7CVSS5.8AI score0.00209EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 9:30 p.m.11 views

EUVD-2026-13209

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

2.1CVSS5.8AI score0.00209EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/19 9:17 p.m.4 views

CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

2.7CVSS5.9AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2026/03/19 9:17 p.m.16 views

UBUNTU-CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

2.7CVSS5.8AI score0.00209EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 8:59 p.m.3 views

CVE-2026-3230 Improper key_share validation in TLS 1.3 HelloRetryRequest

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

2.1CVSS5.8AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/03/19 8:59 p.m.13 views

CVE-2026-3230

wolfSSL’s TLS 1.3 client logic is affected by an improper key_share handling during HelloRetryRequest, allowing a crafted HelloRetryRequest followed by a ServerHello without the key_share extension to derive predictable traffic secrets from the (EC)DHE shared secret. Affected component: TLS hands...

2.7CVSS5.8AI score0.00209EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder