{"vulnerability": "CVE-2022-3815", "sightings": [{"uuid": "e28c39e7-770f-47a3-8a41-2824e2c6b69e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38153", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/3521", "content": "\u0412 \u0431\u043b\u043e\u0433\u0435 Trail of Bits \u0432\u044b\u0448\u043b\u0430 \u0441\u0442\u0430\u0442\u044c\u044f \"Keeping the wolves out of wolfSSL\". \u0422\u0430\u043a \u043a\u0430\u043a \u0443 \u043c\u0435\u043d\u044f \u0431\u044b\u043b \u0443\u0436\u0435 \u043d\u0430 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d \u043f\u043e\u0441\u0442 \u043e \u0444\u0430\u0437\u0437\u0435\u0440\u0430\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u0442\u043e \u0434\u0443\u043c\u0430\u043b \u0437\u0430\u043a\u0438\u043d\u0443\u0442\u044c \u0441\u0442\u0430\u0442\u044c\u044e \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \"Someday\", \u043d\u043e \u0447\u0442\u043e-\u0442\u043e \u043f\u043e\u0432\u0435\u043b\u0435\u043b\u043e \u043c\u043d\u0435 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0435\u0451...\n\n\u041f\u043e \u0441\u0443\u0442\u0438 \u0432 \u0441\u0442\u0430\u0442\u044c\u0435 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043e \u043d\u043e\u0432\u043e\u043c \u0444\u0430\u0437\u0437\u0435\u0440\u0435 tlspuffin \u043d\u0430 \u043c\u043e\u0434\u043d\u043e\u043c Rust. \u041d\u043e \u043e\u043d \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0438 \u0435\u0433\u043e \u0446\u0435\u043b\u0438 \u044d\u0442\u043e \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b. tlspuffin \u0431\u0430\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u043c\u043e\u0434\u0435\u043b\u0438 \u0443\u0433\u0440\u043e\u0437 \u0414\u043e\u043b\u0435\u0432\u0430-\u042f\u043e \u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d \u043f\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u0430\u043c LibAFL (\u043d\u0430 \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 tlspuffin). \u0414\u0430, \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0442 ProVerif \u0438 Tamarin, \u043d\u043e \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0439 \u0444\u0430\u0437\u0437\u0435\u0440 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0439\u0442\u0438 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0431\u0430\u0433\u0438 \u043f\u0440\u0438 \u0441\u043b\u043e\u0436\u043d\u043e \u0443\u043b\u043e\u0432\u0438\u043c\u044b\u0445 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f\u0445\n\n\u0414\u043b\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0442\u0435\u0441\u0442\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043f\u0435\u0440\u0435\u043d\u0430\u0448\u0451\u043b, \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u044b\u0435 Trail of Bits \u0440\u0430\u043d\u0435\u0435, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-25640 and CVE-2022-25638 \u0432 wolfSSL, \u0430 \u0437\u0430\u0442\u0435\u043c \u0441\u043c\u043e\u0433 \u043d\u0430\u0439\u0442\u0438 \u043d\u043e\u0432\u044b\u0435 (\u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0444\u0430\u0437\u0437\u0438\u043d\u0433\u0430 \u0432 \u0441\u0440\u0435\u0434\u043d\u0435\u043c \u0437\u0430\u043d\u044f\u043b \u043e\u043a\u043e\u043b\u043e \u0447\u0430\u0441\u0430 \u043d\u0430 \u043a\u0430\u0436\u0434\u0443\u044e \u0438\u0437 \u043d\u0438\u0445):\n\n- DOSC (Denial of service against clients): CVE-2022-38153\n- DOSS (Denial of service against servers): CVE-2022-38152\n- BUF: CVE-2022-39173\n- HEAP: CVE-2022-42905\n\n\u041a\u0430\u043a \u043f\u0438\u0448\u0435\u0442 \u0430\u0432\u0442\u043e\u0440, \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u0435\u0440\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0431\u0430\u0433\u0438 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0431\u044b \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f \u043e\u043a\u043e\u043b\u043e 30 \u0440\u0430\u0437\u043d\u044b\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439. \u041d\u043e \u044d\u0442\u043e\u0433\u043e \u043d\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u043e\u0441\u044c, \u0442\u0430\u043a \u043a\u0430\u043a tlspuffin \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u043e\u0441\u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0435 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0438 \u0437\u0430\u0442\u0435\u043c \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432 GDB. \u041f\u0440\u0438\u0447\u0438\u043d\u043e\u0439 \u0431\u0430\u0433\u0438 \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043d\u0435\u043a\u043e\u0435\u0433\u043e \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0431\u0449\u0435\u0433\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u043c\u0435\u0436\u0434\u0443 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c\u0438, \u0447\u0442\u043e \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u0443\u0434\u0438\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043b\u044f \u0442\u0430\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438.\n\n\u0418\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 tlspuffin \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u0445\u043e\u0442\u044f \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u0442\u044c \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438. \u041a \u043f\u0440\u0438\u043c\u0435\u0440\u0443, \u0443 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0443\u0448\u043b\u043e 5-6 \u043d\u0435\u0434\u0435\u043b\u044c \u043d\u0430 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 SSH, \u043d\u043e \u0434\u043e\u0431\u0430\u0432\u0438\u0432 \u043e\u0434\u0438\u043d \u0440\u0430\u0437 \u044d\u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u043f\u0435\u0440\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c. \u0422\u0430\u043a tlspuffin \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0445 \u043d\u0430\u0431\u043e\u0440\u043e\u0432, \u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0445 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u0432 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0440\u0435\u0433\u0440\u0435\u0441\u0441\u0438\u043e\u043d\u043d\u044b\u0435 \u0442\u0435\u0441\u0442\u044b. \u0422\u043e \u0435\u0441\u0442\u044c \u043f\u043e \u0441\u0443\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c TLS-Attacker\n\n\u041a\u0430\u043a \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0430\u0432\u0442\u043e\u0440\u044b \u0432 \u0437\u0430\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438, TLS \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b, \u044d\u0442\u043e \u0442\u0430 \u043f\u043e\u0432\u0441\u0435\u0434\u043d\u0435\u0432\u043d\u0430\u044f \u0438 \u043f\u043e\u0432\u0441\u0435\u043c\u0435\u0441\u0442\u043d\u0430\u044f \u0432\u0435\u0449\u044c, \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u044b \"\u0434\u043e\u0432\u0435\u0440\u044f\u0435\u043c\" \u0438 \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0435\u0451 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u0430\u0436\u043d\u0430\u044f \u0432\u0435\u0449\u044c", "creation_timestamp": "2023-01-17T10:37:08.000000Z"}, {"uuid": "cda22aff-d61b-4ea3-bae3-e21009dbdf7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38152", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/3521", "content": "\u0412 \u0431\u043b\u043e\u0433\u0435 Trail of Bits \u0432\u044b\u0448\u043b\u0430 \u0441\u0442\u0430\u0442\u044c\u044f \"Keeping the wolves out of wolfSSL\". \u0422\u0430\u043a \u043a\u0430\u043a \u0443 \u043c\u0435\u043d\u044f \u0431\u044b\u043b \u0443\u0436\u0435 \u043d\u0430 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d \u043f\u043e\u0441\u0442 \u043e \u0444\u0430\u0437\u0437\u0435\u0440\u0430\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u0442\u043e \u0434\u0443\u043c\u0430\u043b \u0437\u0430\u043a\u0438\u043d\u0443\u0442\u044c \u0441\u0442\u0430\u0442\u044c\u044e \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \"Someday\", \u043d\u043e \u0447\u0442\u043e-\u0442\u043e \u043f\u043e\u0432\u0435\u043b\u0435\u043b\u043e \u043c\u043d\u0435 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0435\u0451...\n\n\u041f\u043e \u0441\u0443\u0442\u0438 \u0432 \u0441\u0442\u0430\u0442\u044c\u0435 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043e \u043d\u043e\u0432\u043e\u043c \u0444\u0430\u0437\u0437\u0435\u0440\u0435 tlspuffin \u043d\u0430 \u043c\u043e\u0434\u043d\u043e\u043c Rust. \u041d\u043e \u043e\u043d \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0438 \u0435\u0433\u043e \u0446\u0435\u043b\u0438 \u044d\u0442\u043e \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b. tlspuffin \u0431\u0430\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u043c\u043e\u0434\u0435\u043b\u0438 \u0443\u0433\u0440\u043e\u0437 \u0414\u043e\u043b\u0435\u0432\u0430-\u042f\u043e \u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d \u043f\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u0430\u043c LibAFL (\u043d\u0430 \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 tlspuffin). \u0414\u0430, \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0442 ProVerif \u0438 Tamarin, \u043d\u043e \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0439 \u0444\u0430\u0437\u0437\u0435\u0440 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0439\u0442\u0438 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0431\u0430\u0433\u0438 \u043f\u0440\u0438 \u0441\u043b\u043e\u0436\u043d\u043e \u0443\u043b\u043e\u0432\u0438\u043c\u044b\u0445 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f\u0445\n\n\u0414\u043b\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0442\u0435\u0441\u0442\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043f\u0435\u0440\u0435\u043d\u0430\u0448\u0451\u043b, \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u044b\u0435 Trail of Bits \u0440\u0430\u043d\u0435\u0435, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-25640 and CVE-2022-25638 \u0432 wolfSSL, \u0430 \u0437\u0430\u0442\u0435\u043c \u0441\u043c\u043e\u0433 \u043d\u0430\u0439\u0442\u0438 \u043d\u043e\u0432\u044b\u0435 (\u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0444\u0430\u0437\u0437\u0438\u043d\u0433\u0430 \u0432 \u0441\u0440\u0435\u0434\u043d\u0435\u043c \u0437\u0430\u043d\u044f\u043b \u043e\u043a\u043e\u043b\u043e \u0447\u0430\u0441\u0430 \u043d\u0430 \u043a\u0430\u0436\u0434\u0443\u044e \u0438\u0437 \u043d\u0438\u0445):\n\n- DOSC (Denial of service against clients): CVE-2022-38153\n- DOSS (Denial of service against servers): CVE-2022-38152\n- BUF: CVE-2022-39173\n- HEAP: CVE-2022-42905\n\n\u041a\u0430\u043a \u043f\u0438\u0448\u0435\u0442 \u0430\u0432\u0442\u043e\u0440, \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u0435\u0440\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0431\u0430\u0433\u0438 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0431\u044b \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f \u043e\u043a\u043e\u043b\u043e 30 \u0440\u0430\u0437\u043d\u044b\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439. \u041d\u043e \u044d\u0442\u043e\u0433\u043e \u043d\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u043e\u0441\u044c, \u0442\u0430\u043a \u043a\u0430\u043a tlspuffin \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u043e\u0441\u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0435 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0438 \u0437\u0430\u0442\u0435\u043c \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432 GDB. \u041f\u0440\u0438\u0447\u0438\u043d\u043e\u0439 \u0431\u0430\u0433\u0438 \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043d\u0435\u043a\u043e\u0435\u0433\u043e \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0431\u0449\u0435\u0433\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u043c\u0435\u0436\u0434\u0443 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c\u0438, \u0447\u0442\u043e \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u0443\u0434\u0438\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043b\u044f \u0442\u0430\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438.\n\n\u0418\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 tlspuffin \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u0445\u043e\u0442\u044f \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u0442\u044c \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438. \u041a \u043f\u0440\u0438\u043c\u0435\u0440\u0443, \u0443 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0443\u0448\u043b\u043e 5-6 \u043d\u0435\u0434\u0435\u043b\u044c \u043d\u0430 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 SSH, \u043d\u043e \u0434\u043e\u0431\u0430\u0432\u0438\u0432 \u043e\u0434\u0438\u043d \u0440\u0430\u0437 \u044d\u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u043f\u0435\u0440\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c. \u0422\u0430\u043a tlspuffin \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0445 \u043d\u0430\u0431\u043e\u0440\u043e\u0432, \u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0445 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u0432 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0440\u0435\u0433\u0440\u0435\u0441\u0441\u0438\u043e\u043d\u043d\u044b\u0435 \u0442\u0435\u0441\u0442\u044b. \u0422\u043e \u0435\u0441\u0442\u044c \u043f\u043e \u0441\u0443\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c TLS-Attacker\n\n\u041a\u0430\u043a \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0430\u0432\u0442\u043e\u0440\u044b \u0432 \u0437\u0430\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438, TLS \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b, \u044d\u0442\u043e \u0442\u0430 \u043f\u043e\u0432\u0441\u0435\u0434\u043d\u0435\u0432\u043d\u0430\u044f \u0438 \u043f\u043e\u0432\u0441\u0435\u043c\u0435\u0441\u0442\u043d\u0430\u044f \u0432\u0435\u0449\u044c, \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u044b \"\u0434\u043e\u0432\u0435\u0440\u044f\u0435\u043c\" \u0438 \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0435\u0451 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u0430\u0436\u043d\u0430\u044f \u0432\u0435\u0449\u044c", "creation_timestamp": "2023-01-17T10:37:08.000000Z"}, {"uuid": "41592476-f19c-41c7-85d9-c3a3530a4a4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38152", "type": "seen", "source": "https://t.me/arpsyndicate/3095", "content": "#ExploitObserverAlert\n\nCVE-2022-38152\n\nDESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to CVE-2022-38152. An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.\n\nFIRST-EPSS: 0.002470000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2024-01-26T22:22:25.000000Z"}, {"uuid": "f688308a-b5f2-4aef-a309-44c8176db453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38153", "type": "seen", "source": "https://t.me/arpsyndicate/2994", "content": "#ExploitObserverAlert\n\nCVE-2022-38153\n\nDESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to CVE-2022-38153. An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a \"free(): invalid pointer\" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.\n\nFIRST-EPSS: 0.002050000\nNVD-IS: 3.6\nNVD-ES: 2.2", "creation_timestamp": "2024-01-26T15:55:29.000000Z"}, {"uuid": "08ff4623-3e52-4a89-a675-014f5eb3f643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38155", "type": "seen", "source": "https://t.me/cibsecurity/47929", "content": "\u203c CVE-2022-38155 \u203c\n\nTEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T07:26:26.000000Z"}, {"uuid": "de7efac1-048a-4210-8d32-79205b2065d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3815", "type": "seen", "source": "https://t.me/cibsecurity/52454", "content": "\u203c CVE-2022-3815 \u203c\n\nA vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T01:19:30.000000Z"}, {"uuid": "46431928-3438-4708-a627-cc29c6a85172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38150", "type": "seen", "source": "https://t.me/cibsecurity/47928", "content": "\u203c CVE-2022-38150 \u203c\n\nIn Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T07:26:25.000000Z"}, {"uuid": "0ab75621-7185-4c04-aca6-6de21cbefb69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38153", "type": "seen", "source": "https://t.me/cibsecurity/49146", "content": "\u203c CVE-2022-38153 \u203c\n\nAn issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a \"free(): invalid pointer\" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T22:50:01.000000Z"}, {"uuid": "f75f4863-3106-4137-b2b8-7e6583784c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38152", "type": "seen", "source": "https://t.me/cibsecurity/49133", "content": "\u203c CVE-2022-38152 \u203c\n\nAn issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T20:43:08.000000Z"}]}