Page 12 of 57 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. wolfSSL (anteriormente CyaSSL) en versiones anteriores a 3.6.8 permite a atacantes remotos provocar una denegación de servicio (consumo de recurso o amplificación de tráfico) a través de una cookie DTLS manipulada en un mensaje ClientHello. • http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html https://github.com/IAIK/wolfSSL-DoS https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html • CWE-399: Resource Management Errors •

CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 2

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. wolfSSL (anteriormente CyaSSL) en versiones anteriores a 3.6.8 no maneja correctamente fallos asociados con el proceso Chinese Remainder Theorem (CRT) cuando permiten el intercambio de claves efímeras sin optimizaciones de memoria baja en un servidor, lo que hace que sea más fácil para atacantes remotos obtener claves privadas RSA mediante la captura de un apretón de manos TLS, también conocido como un ataque Lenstra. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034708 https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf https://securityblog.redhat.com/2015/09/02/factori •