8 matches found
CVE-2019-10013
The CVE-2019-10013 entry concerns the axTLS library (Cameron Hamilton-Rich) up to version 2.1.5. The asn1_signature function in asn1.c contains a Buffer Overflow vulnerability triggered by a crafted TLS certificate in the handshake, because get_asn1_length() is not checked for a sensible minimum/...
CVE-2018-16253
CVE-2018-16253 describes a flaw in axTLS 2.1.3 and earlier where PKCS#1 v1.5 signature verification in sig_verify() of x509.c does not properly verify ASN.1 metadata, enabling a remote attacker to forge signatures under small public exponents and impersonate via fake X.509 certificates. The issue...
CVE-2018-16150
In axTLS 2.1.3 and earlier, the PKCS#1 v1.5 signature verification in sig_verify() fails to reject excess data after the hash, enabling signature forgery when small public exponents are used. This can lead to impersonation via forged X.509 certificates. This CVE-2018-16150 is a variant of CVE-200...
CVE-2019-8981
CVE-2019-8981 affects the axTLS library (tls1.c) prior to version 2.1.5. The root cause is a mismanagement of the need_bytes value, leading to a buffer overflow when processing crafted TLS packets. Documented impact is a buffer overflow; exploitation details are not provided in the connected docu...
CVE-2019-9689
CVE-2019-9689 affects axTLS up to version 2.1.5. The vulnerability is a buffer overflow in the function process_certificate (tls1.c) when handling a TLS handshake message with zero certificates, leading to potential denial of service. Affected: axTLS 2.1.5 and earlier. Some sources (Debian) indic...
CVE-2017-1000416
CVE-2017-1000416 concerns axTLS 1.5.3, where a coding error in the ASN.1 parser causes the UTCTime year (19)50 to be misinterpreted as 2050. The available sources describe the issue and its manifestation but do not specify affected products beyond axTLS 1.5.3, nor provide remediation steps or exp...
CVE-2018-16149
axTLS vulnerability CVE-2018-16149 affects version 2.1.3 and earlier, where sig_verify() in x509.c blindly trusts ASN.1 declared lengths in PKCS#1 v1.5 signatures. When small public exponents are used, a remote attacker can create crafted signatures on X.509 certificates that trigger illegal memo...
CVE-2023-33613
CVE-2023-33613 affects axTLS v2.1.5 and is caused by a heap buffer overflow in the bi_import function (axtls-code/crypto/bigint.c). This vulnerability allows a Denial of Service when parsing a private key. The provided connected sources describe the flaw but do not provide concrete exploitation d...