PT-2025-6926 · Unknown · Meshtastic

Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.5.19 Description: Meshtastic is an open source mesh networking solution. In affected firmware versions, crafted packets over MQTT can appear as a DM in client to a node even though they were not decoded with PKC...

OpenSSL does not securely handle invalid public key when configured to ignore errors

Overview A vulnerability in the way OpenSSL handles invalid public keys in client certificate messages could allow a remote attacker to cause a denial of service. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typical...