aws-kms-tls-auth vulnerable to memory overallocation

Summary aws-kms-tls-auth is an optional utility for s2n-tls that enables customers to use AWS KMS keys as part of the PSK extension field in a TLS 1.3 handshake. An issue exists in this library that can lead to overallocation of memory potentially resulting in a denial of service. Impact The PSK...

GHSA-5WHH-4Q9J-7V28 aws-kms-tls-auth vulnerable to memory overallocation

Summary aws-kms-tls-auth is an optional utility for s2n-tls that enables customers to use AWS KMS keys as part of the PSK extension field in a TLS 1.3 handshake. An issue exists in this library that can lead to overallocation of memory potentially resulting in a denial of service. Impact The PSK...

CVE-2025-55083 Broken bounds check in Broken bounds check in _nx_secure_tls_process_clienthello_psk_extension()

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read...

CVE-2023-3724 TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension

If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...

CVE-2019-11873

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length,...

Buffer overflow

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length,...