7 matches found
s2n-tls has undefined behavior at process exit
Impact: s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a...
msgtrans (>=0.1.0 <=0.1.6), s2n-quic (>=1.18.0 <=1.37.0) +3 more potentially affected by unknown CVE via s2n-tls (>=0.0.10 <=0.3.1)
s2n-tls CARGO version =0.0.10, =0.1.0, =1.18.0, =0.18.2, =0.18.2, =0.0.6, =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-RP9H-RF7G-HWGR...
GHSA-RP9H-RF7G-HWGR s2n-tls has undefined behavior at process exit
Impact: s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a...
s2n-tls's mTLS API ordering may skip client authentication
Impact: An API ordering issue in s2n-tls can cause client authentication to unexpectedly not be enabled on the server when it otherwise appears to be. Server applications are impacted if client authentication is enabled by calling s2n_connection_set_config before calling s2n_connection_set_client_auth_typ...
msgtrans (>=0.1.0 <=0.1.6), s2n-quic (>=1.18.0 <=1.37.0) +3 more potentially affected by unknown CVE via s2n-tls (>=0.0.10 <=0.2.9)
s2n-tls CARGO version =0.0.10, =0.1.0, =1.18.0, =0.18.2, =0.18.2, =0.0.6, =0.2.11 Source cves: unknown CVE Source advisory: OSV:GHSA-857Q-XMPH-P2V5...
GHSA-857Q-XMPH-P2V5 s2n-tls's mTLS API ordering may skip client authentication
Impact: An API ordering issue in s2n-tls can cause client authentication to unexpectedly not be enabled on the server when it otherwise appears to be. Server applications are impacted if client authentication is enabled by calling s2n_connection_set_config before calling s2n_connection_set_client_auth_typ...
s2n-tls has a potentially observable differences in RSA premaster secret handling
When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...