<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-07T07:21:22.768805+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/f75f4863-3106-4137-b2b8-7e6583784c88/export</id>
    <title>f75f4863-3106-4137-b2b8-7e6583784c88</title>
    <updated>2026-05-07T07:21:23.122066+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "f75f4863-3106-4137-b2b8-7e6583784c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38152", "type": "seen", "source": "https://t.me/cibsecurity/49133", "content": "\u203c CVE-2022-38152 \u203c\n\nAn issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T20:43:08.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/f75f4863-3106-4137-b2b8-7e6583784c88/export"/>
    <published>2022-08-31T20:43:08+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/cda22aff-d61b-4ea3-bae3-e21009dbdf7e/export</id>
    <title>cda22aff-d61b-4ea3-bae3-e21009dbdf7e</title>
    <updated>2026-05-07T07:21:23.121886+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "cda22aff-d61b-4ea3-bae3-e21009dbdf7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38152", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/3521", "content": "An article titled \"Keeping the wolves out of wolfSSL\" has been published on the Trail of Bits blog. Since I already had a post about network protocol fuzzers planned for the near future, I was going to toss the article onto my \"Someday\" reading list, but something compelled me to read it...\n\nIn essence, the article describes a new fuzzer, tlspuffin, written in the fashionable Rust. But it turned out to be specialized, and its targets are cryptographic protocols. tlspuffin is based on the Dolev-Yao threat model and is built according to the LibAFL rules (the screenshot shows the structure of tlspuffin). Yes, ProVerif and Tamarin exist for verifying such protocols, but a fuzzer like this makes it possible to find logic bugs in elusive states\n\nAs an initial test, the tool rediscovered the vulnerabilities CVE-2022-25640 and CVE-2022-25638 in wolfSSL, previously found by Trail of Bits, and then managed to find new ones (the fuzzing process took about an hour on average for each of them):\n\n- DOSC (Denial of service against clients): CVE-2022-38153\n- DOSS (Denial of service against servers): CVE-2022-38152\n- BUF: CVE-2022-39173\n- HEAP: CVE-2022-42905\n\nAs the author writes, in the case of the first vulnerability, reproducing the bug would have required setting up about 30 different connections. But that was not needed, because tlspuffin makes it possible to recreate the required state and then analyze it in GDB. The cause of the bug turned out to be some global state shared between clients, which is a little surprising for such a library.\n\nThe tlspuffin interface makes it possible to add checks for other protocols as well, although this can take a significant amount of time. For example, it took the team 5-6 weeks to add SSH, but once added, it can be reused. So tlspuffin can be used to create test suites, and the results obtained can be used to run regression tests. That is, in essence it can replace TLS-Attacker\n\nAs the authors rightly noted in the conclusion, TLS protocols are that everyday and ubiquitous thing that we \"trust\", and therefore their security is a really important thing", "creation_timestamp": "2023-01-17T10:37:08.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/cda22aff-d61b-4ea3-bae3-e21009dbdf7e/export"/>
    <published>2023-01-17T10:37:08+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/41592476-f19c-41c7-85d9-c3a3530a4a4c/export</id>
    <title>41592476-f19c-41c7-85d9-c3a3530a4a4c</title>
    <updated>2026-05-07T07:21:23.120098+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "41592476-f19c-41c7-85d9-c3a3530a4a4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38152", "type": "seen", "source": "https://t.me/arpsyndicate/3095", "content": "#ExploitObserverAlert\n\nCVE-2022-38152\n\nDESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to CVE-2022-38152. An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.\n\nFIRST-EPSS: 0.002470000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2024-01-26T22:22:25.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/41592476-f19c-41c7-85d9-c3a3530a4a4c/export"/>
    <published>2024-01-26T22:22:25+00:00</published>
  </entry>
</feed>
