CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2021/03/25 2:58 p.m.•55 views

CVE-2021-3449

A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signaturealgorithms extension but includes a signaturealgorithmscert extension. The highest threat from this vulnerability is to system...

5.9CVSS2AI score0.09859EPSS

Exploits3References4

ATTACKERKB•added 2021/03/25 12:0 a.m.•152 views

OpenSSL TLS Server Crash (NULL pointer dereference) — CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...

7.4CVSS4.5AI score0.09859EPSS

Exploits3References26

OSV•added 2020/04/25 12:0 p.m.•35 views

RUSTSEC-2020-0015 Crash causing Denial of Service attack

Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...

7.5CVSS7.5AI score0.60769EPSS

Exploits2References3

RustSec•added 2020/04/25 12:0 p.m.•41 views

Crash causing Denial of Service attack

7.5CVSS2.7AI score0.60769EPSS

Exploits2Affected Software1

Tenable Nessus•added 2020/04/23 12:0 a.m.•211 views

OpenSSL 1.1.1d < 1.1.1g Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1g. It is, therefore, affected by a vulnerability as referenced in the 1.1.1g advisory. - Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer...

7.5CVSS6.8AI score0.60769EPSS

Exploits2References4