curl: mbedTLS private-key blob null-termination asymmetry in lib/vtls/mbedtls.c (mbed_load_privkey)

Summary: In lib/vtls/mbedtls.c, function mbedloadprivkey lines 653-738 passes raw sslkeyblob-data and sslkeyblob-len directly to mbedtlspkparsekey at lines 706-708 mbedTLS 4.x branch and 718-722 mbedTLS 3.x branch, without ensuring null-termination. The mbedTLS API contract for mbedtlspkparsekey...

iperf3: vulnerable to marvin attack if the authentication option is used

A timing-based side-channel flaw was found in iperf3. If the iperf3 server is running with the --rsa-private-key-path option, the user authentication API can be attacked...