Every CVE whose affected-product data names Axtls Project Axtls, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2019-8981 — CVSS 9.8 (critical): tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value…
CVE-2019-9689 — CVSS 7.5 (high): process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake…
CVE-2019-10013 — CVSS 7.5 (high): The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to…
CVE-2018-16149 — CVSS 5.9 (medium): In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in…
CVE-2018-16150 — CVSS 5.9 (medium): In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the…
CVE-2018-16253 — CVSS 5.9 (medium): In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1…
CVE-2023-33613 — CVSS 5.5 (medium): axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability…
CVE-2017-1000416 — CVSS 5.3 (medium): axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050.