Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line "end_pos = data_len - 1 - mac.digest_size" that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng. This attack appears to be exploitable via man in the middle on a network connection. This vulnerability appears to have been fixed after commit 3674815d1b0f7484454995e2737a352e0a6a93d8.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
tlslite-ng 输入验证错误漏洞
Vulnerability Description
tlslite-ng是一个基于Python的实现了SSL和TSL加密协议的开源库。 tlslite-ng 0.7.3及之前版本中的TLS实现存在输入验证漏洞。远程攻击者可通过实施中间人攻击利用该漏洞绕过安全检测。
CVSS Information
N/A
Vulnerability Type
N/A