CVE-2026-5393

CVE-2026-5393 describes an out-of-bounds read in wolfSSL during DoTls13CertificateVerify when processing a dual-algorithm CertificateVerify message. The issue occurs only if wolfSSL is built with the experimental features enabled and dual-algorithm certificate support (--enable-experimental and -...

USN-8155-2: OpenSSL vulnerabilities

USN-8155-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for CVE-2026-28387 for openssl in Ubuntu 20.04 LTS. CVE-2026-28388 for openssl and openssl1.0 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS, and CVE-2026-28389 and...

DEBIAN-CVE-2023-3724

If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the TLSXConnectionIDParse function in dtls.c and the DoTls13ClientHello function in tls13.c. A server is vulnerable only when --enable-session-ticket is set and TLS 1.3 is in use. Under those conditions, a malicious...