Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Axtls Project Security Vulnerabilities

cve
cve

CVE-2017-1000416

axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050.

5.3CVSS

5.3AI Score

0.001EPSS

2018-01-22 11:29 PM
24
cve
cve

CVE-2018-16149

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X...

5.9CVSS

5.6AI Score

0.002EPSS

2018-11-07 08:29 PM
26
cve
cve

CVE-2018-16150

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509...

5.9CVSS

5.4AI Score

0.264EPSS

2018-11-07 08:29 PM
33
cve
cve

CVE-2018-16253

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 cert...

5.9CVSS

5.7AI Score

0.046EPSS

2018-11-07 08:29 PM
27
cve
cve

CVE-2019-10013

The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result of get_asn1_length()...

7.5CVSS

7.4AI Score

0.01EPSS

2019-12-03 08:15 PM
40
cve
cve

CVE-2019-8981

tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.

9.8CVSS

9.3AI Score

0.005EPSS

2019-03-26 02:29 AM
33
cve
cve

CVE-2019-9689

process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates.

7.5CVSS

7.4AI Score

0.022EPSS

2019-12-03 08:15 PM
35
cve
cve

CVE-2023-33613

axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key.

5.5CVSS

5.7AI Score

0.0004EPSS

2023-06-06 06:15 PM
12