CVE-2019-8981
CRITICALaxtls < 2.1.5 - Out-of-bounds Write via TLS Packet Sequence
Title source: llmDescription
tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.
References (3)
Core 3
Core References
Product, Third Party Advisory x_refsource_misc
http://axtls.sourceforge.net
Patch, Third Party Advisory x_refsource_misc
https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842
Exploit, Patch, Third Party Advisory x_refsource_misc
https://www.telekom.com/resource/blob/566546/276aaa2eab781729f2544d62edecf002/dl-190322-remote-buffer-overflow-in-a-axtls-data.pdf
Scores
CVSS v3
9.8
EPSS
0.0268
EPSS Percentile
84.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
axtls_project/axtls
< 2.1.5
Published
Mar 26, 2019
Tracked Since
Feb 18, 2026