Lucene search
+L

4 matches found

RedHat Linux
RedHat Linux
added 2024/05/22 9:48 a.m.4 views

golang: crypto/tls: lack of a limit on buffered post-handshake

A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size...

7.5CVSS7.3AI score0.01137EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2023/12/22 4:15 a.m.7 views

CVE-2023-24609

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB in RAM. With a large number of crafted TLS messages, the CPU...

7.5CVSS6AI score0.00731EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/12/12 5:29 p.m.4 views

golang: crypto/tls: lack of a limit on buffered post-handshake

A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size...

7.5CVSS7.3AI score0.01137EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/11/07 8:50 a.m.3 views

golang: crypto/tls: lack of a limit on buffered post-handshake

A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size...

7.5CVSS7.3AI score0.01137EPSS
Exploits0References8
Rows per page
Query Builder