Lucene search
K

5 matches found

OSV
OSV
added 2021/05/26 8:0 a.m.8 views

CURL-CVE-2021-22901 TLS session caching disaster

libcurl can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an existing connection. For example, this can happen when a TLS server requests a client certificate on a connection that was established without one. A malicious...

8.1CVSS8.6AI score0.60122EPSS
Exploits1
Hacker One
Hacker One
added 2021/04/29 8:31 p.m.62 views

curl: CVE-2021-22901: TLS session caching disaster

Summary: lib/vtls/openssl.c osslconnectstep1 sets up the osslnewsessioncb sessionid callback with SSLCTXsesssetnewcb, and adds association from dataidx and connectdataidx to current conn and data respectively: SSLCTXsetsessioncachemodebackend-ctx, SSLSESSCACHECLIENT | SSLSESSCACHENOINTERNAL;...

6.8CVSS8AI score0.60122EPSS
Exploits1
NVD
NVD
added 2017/04/13 5:59 p.m.22 views

CVE-2013-6662

Google Chrome caches TLS sessions before certificate validation occurs...

6.5CVSS6.3AI score0.00347EPSS
Exploits0References1
OSV
OSV
added 2017/04/13 5:59 p.m.1 views

UBUNTU-CVE-2013-6662

Google Chrome caches TLS sessions before certificate validation occurs...

6.5CVSS6.6AI score0.00347EPSS
Exploits0References3
OSV
OSV
added 2015/01/08 8:0 a.m.7 views

CURL-CVE-2014-8151 Secure Transport certificate check bypass

libcurl stores TLS Session IDs in its associated Session ID cache when it connects to TLS servers. In subsequent connects it reuses the entry in the cache to resume the TLS connection faster than when doing a full TLS handshake. The actual implementation for the Session ID caching varies dependin...

5.8CVSS6.9AI score0.01148EPSS
Exploits0
Rows per page
Query Builder