Axtls Project: >> Axtls >> 2.1.5 Security Vulnerabilities
axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-06
process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-12-03
The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result of get_asn1_length() is not checked for a minimum or maximum size.
CVSS Score
7.5
EPSS Score
0.012
Published
2019-12-03