VYPR
Vendor

axTLS

Products
1
CVEs
8
Across products
8
Status
Private

Products

1

Recent CVEs

8
  • CVE-2019-8981CriMar 26, 2019
    risk 0.64cvss 9.8epss 0.03

    tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.

  • CVE-2019-9689HigDec 3, 2019
    risk 0.49cvss 7.5epss 0.01

    process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates.

  • CVE-2019-10013HigDec 3, 2019
    risk 0.49cvss 7.5epss 0.02

    The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result…

  • CVE-2023-33613MedJun 6, 2023
    risk 0.36cvss 5.5epss 0.00

    axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key.

  • CVE-2017-1000416MedJan 22, 2018
    risk 0.35cvss 5.3epss 0.01

    axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050.

  • CVE-2018-16253MedNov 7, 2018
    risk 0.00cvss 5.9epss 0.01

    In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation…

  • CVE-2018-16150MedNov 7, 2018
    risk 0.00cvss 5.9epss 0.01

    In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to…

  • CVE-2018-16149MedNov 7, 2018
    risk 0.00cvss 5.9epss 0.01

    In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted…