31 matches found
EUVD-2018-0139
Malware in sbrugna...
EUVD-2020-0221
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-26263
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code...
CVE-2020-26263
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, the code has multiple ways in...
Exploit for Infinite Loop in Openssl
A simple remote triggering POC for CVE-2022-0778 Why While...
Timing Attack
tlslite-ng is vulnerable to information disclosure. An RSA weakness that leaks information about the decrypted ciphertext such as the bit length of the decrypted message as well as where the first unexpected byte lays, allows an attacker to determine information about the plaintext...
CVE-2020-26263
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, the code has multiple ways in...
CVE-2020-26263
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, the code has multiple ways in...
UBUNTU-CVE-2020-26263
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, the code has multiple ways in...
PYSEC-2020-143
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, the code has multiple ways in...
CVE-2020-26263
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, the code has multiple ways in...
GHSA-WVCV-832Q-FJG7 RSA weakness in tslite-ng
Impact The code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, code in current as of 0.8.0-alpha38 master https://github.com/tlsfuzzer/tlslite-ng/blob/0812ed60860fa61a6573b2c0e18771414958f46d/tlslite/utils/rsakey.pyL407-L441 and code in...
RSA weakness in tslite-ng
Impact The code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, code in current as of 0.8.0-alpha38 master https://github.com/tlsfuzzer/tlslite-ng/blob/0812ed60860fa61a6573b2c0e18771414958f46d/tlslite/utils/rsakey.pyL407-L441 and code in...
CVE-2020-26263
CVE-2020-26263 affects tlslite-ng, where RSA PKCS#1 v1.5 decryption/padding check is data-dependent in versions <0.7.6 and
CVE-2020-26263 RSA vulnerability in tslite-ng
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, the code has multiple ways in...
CVE-2020-26263
Removed by vendor...
Lennyniu Tlslite-ng Encryption Problem Vulnerability
Lennyniu Tlslite-ng is a Python-based codebase used to provide SSLv3.0, TLS 1.0, TLS 1.1 and TLS 1.2 by the individual developer Lennyniu. A cryptographically problematic vulnerability previously existed in tlslite-ng 0.7.6 and 0.8.0-alpha39, which stemmed from code that relied on data to perform...
GHSA-CWH5-3CW7-4286 tlslite-ng off-by-one error on mac checking
tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ctcheckcbcmacandpad; line endpos = datalen - 1 - mac.digestsize that can...
tlslite-ng off-by-one error on mac checking
tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ctcheckcbcmacandpad; line endpos = datalen - 1 - mac.digestsize that can...
Improper Verification Of MAC
tlslite-ng is vulnerable to improper verification of MAC. The vulnerability exists as an off-by-one error occurs during the verification of MAC when the padding is a single 0x00 byte, resulting in having the MAC to always be verified...