104 matches found
FreeBSD Security Advisory - FreeBSD-SA-25:08.openssl
FreeBSD Security Advisory - FreeBSD includes software from the OpenSSL Project. OpenSSL suffers from some new vulnerabilities. An application trying to decrypt cryptographic message syntax CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. A timing...
OpenSSL Security Advisory 20250930
OpenSSL Security Advisory 20250930 - An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the "noproxy" environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address...
PT-2025-39988
Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0.16 through 3.5.0 EDK II affected versions not specified Description An issue has been identified in OpenSSL where an application using the HTTP client API functions may trigger an out-of-bounds read if the no proxy...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports reports: Out-of-bounds read & write in RFC 3211 KEK Unwrap Timing side-channel in SM2 algorithm on 64-bit ARM Fix Out-of-bounds read in HTTP client noproxy handling...
OESA-2025-1427 golang security update
. Security Fixes: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied.CVE-2025-22870...
AZL-58443 CVE-2025-22870 affecting package vitess for versions less than 19.0.4-7
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58452 CVE-2025-22870 affecting package golang for versions less than 1.18.8-8
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58402 CVE-2025-22870 affecting package vitess for versions less than 17.0.7-7
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58404 CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-5
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58392 CVE-2025-22870 affecting package golang for versions less than 1.22.7-4
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58472 CVE-2025-22870 affecting package prometheus for versions less than 2.45.4-12
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58469 CVE-2025-22870 affecting package packer for versions less than 1.9.5-9
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58419 CVE-2025-22870 affecting package influxdb for versions less than 2.7.5-4
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58396 CVE-2025-22870 affecting package packer for versions less than 1.9.5-12
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58446 CVE-2025-22870 affecting package git-lfs for versions less than 3.6.1-2
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58380 CVE-2025-22870 affecting package git-lfs for versions less than 3.5.1-5
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58416 CVE-2025-22870 affecting package telegraf for versions less than 1.31.0-7
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58386 CVE-2025-22870 affecting package influxdb for versions less than 2.6.1-22
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
DEBIAN-CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...