4 matches found
Incorrect Calculation of Buffer Size
Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via incorrect interpretation of the length prefix in the PSK extension field during TLS 1.3 handshakes. An attacker can exhaust server resources and cause service disruption by sending repeated...
TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension
...
CVE-2023-24609
Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB in RAM. With a large number of crafted TLS messages, the CPU...
ALPINE-CVE-2021-20232
A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...