2 matches found
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the CURLMOPTSOCKETFUNCTION callback when curleasypause is called. An attacker can execute arbitrary code or cause a denial of service by triggering the use of a dangling pointer after memory has been freed. Remediation...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation when wolfSSL is used as the TLS backend for QUIC. An attacker can impersonate a legitimate server or perform a man-in-the-middle attack by exploiting a skipped certificate verification. Note: The skip of...