Axtls Project / Axtls

8 matches found

CVE
added 2019/12/03 8:0 p.m., 63 views

CVE-2019-10013

The CVE-2019-10013 entry concerns the axTLS library (Cameron Hamilton-Rich) up to version 2.1.5. The asn1_signature function in asn1.c contains a Buffer Overflow vulnerability triggered by a crafted TLS certificate in the handshake, because get_asn1_length() is not checked for a sensible minimum/...

CVSS 7.8, AI score 7.4, EPSS 0.0191

CVE
added 2018/11/07 8:0 p.m., 56 views

CVE-2018-16253

CVE-2018-16253 describes a flaw in axTLS 2.1.3 and earlier where PKCS#1 v1.5 signature verification in sig_verify() of x509.c does not properly verify ASN.1 metadata, enabling a remote attacker to forge signatures under small public exponents and impersonate via fake X.509 certificates. The issue...

CVSS 5.9, AI score 5.7, EPSS 0.00618

CVE
added 2018/11/07 8:0 p.m., 55 views

CVE-2018-16150

In axTLS 2.1.3 and earlier, the PKCS#1 v1.5 signature verification in sig_verify() fails to reject excess data after the hash, enabling signature forgery when small public exponents are used. This can lead to impersonation via forged X.509 certificates. This CVE-2018-16150 is a variant of CVE-200...

CVSS 5.9, AI score 5.4, EPSS 0.00593

CVE
added 2019/03/26 1:21 a.m., 53 views

CVE-2019-8981

CVE-2019-8981 affects the axTLS library (tls1.c) prior to version 2.1.5. The root cause is a mismanagement of the need_bytes value, leading to a buffer overflow when processing crafted TLS packets. Documented impact is a buffer overflow; exploitation details are not provided in the connected docu...

CVSS 9.8, AI score 9.3, EPSS 0.02684

CVE
added 2019/12/03 7:59 p.m., 53 views

CVE-2019-9689

CVE-2019-9689 affects axTLS up to version 2.1.5. The vulnerability is a buffer overflow in the function process_certificate (tls1.c) when handling a TLS handshake message with zero certificates, leading to potential denial of service. Affected: axTLS 2.1.5 and earlier. Some sources (Debian) indic...

CVSS 7.5, AI score 7.4, EPSS 0.01479

CVE
added 2018/01/22 11:0 p.m., 48 views

CVE-2017-1000416

CVE-2017-1000416 concerns axTLS 1.5.3, where a coding error in the ASN.1 parser causes the UTCTime year (19)50 to be misinterpreted as 2050. The available sources describe the issue and its manifestation but do not specify affected products beyond axTLS 1.5.3, nor provide remediation steps or exp...

CVSS 5.3, AI score 5.3, EPSS 0.00871

CVE
added 2018/11/07 8:0 p.m., 45 views

CVE-2018-16149

axTLS vulnerability CVE-2018-16149 affects version 2.1.3 and earlier, where sig_verify() in x509.c blindly trusts ASN.1 declared lengths in PKCS#1 v1.5 signatures. When small public exponents are used, a remote attacker can create crafted signatures on X.509 certificates that trigger illegal memo...

CVSS 5.9, AI score 5.6, EPSS 0.00696

CVE
added 2023/06/06 12:0 a.m., 39 views

CVE-2023-33613

CVE-2023-33613 affects axTLS v2.1.5 and is caused by a heap buffer overflow in the bi_import function (axtls-code/crypto/bigint.c). This vulnerability allows a Denial of Service when parsing a private key. The provided connected sources describe the flaw but do not provide concrete exploitation d...

CVSS 5.5, AI score 5.7, EPSS 0.003