Skip to main content

Axtls

7 CVEs product

Monthly

CVE-2023-33613 MEDIUM POC This Month

axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Axtls
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-9689 HIGH This Week

process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Axtls
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-10013 HIGH This Week

The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Axtls
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-8981 CRITICAL POC PATCH Act Now

tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Axtls
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-16253 MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Jwt Attack Information Disclosure Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-16150 MEDIUM PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-16149 MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Jwt Attack Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.7%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Axtls
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Axtls
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Axtls
NVD
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Jwt Attack Information Disclosure Axtls
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Axtls
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Jwt Attack Axtls
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy