12 matches found
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
CVE-2026-5460
A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...
Low: openssl
Issue Overview: Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2025-2099)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow if callback functions are enabled via the WOLFSSL_CALLBACKS flag. A malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. Note: WOLFSSL_CALLBACKS is only intended fo...
August 9, 2022-KB5016373 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016
Release Date: August 9, 2022 Version: .NET Framework 4.8 The August 9, 2022 update for Windows 10, version 1607 and Windows Server, version 2016 includes cumulative...
August 9, 2022-KB5015732 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 11
Release Date: August 9, 2022 Version: .NET Framework 3.5 and 4.8 The August 9, 2022 update for Windows 11 includes cumulative reliability improvements in .NET Framework 3.5 and 4.8. We recommend that...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
AZL-6360 CVE-2021-22901 affecting package curl for versions less than 7.76.0-5
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client...
DEBIAN-CVE-2021-3336
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED25519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3...
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2 and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation the TLS server always uses wrong data in place of an encryption key derived from an application.
...
OPENSUSE-SU-2019:1353-1 Security update for gnutls
This update for gnutls fixes to version 3.6.7 the following issues: Security issues fixed: - CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages bsc1130682. - CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API bsc1130681. -...