CLSA-2025-1761575970
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2025-1761575970.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2025-1761575970
- Upstream
- Published
- 2025-10-27T14:39:39Z
- Modified
- 2026-06-04T10:03:29.096718108Z
- Summary
- Fix of 6 CVEs
- Details
-
- SECURITY UPDATE: potential Denial of Service via TLS connection
- debian/patches/CVE-2020-14058.patch: Fix sending of unknown validation errors to cert validator
- CVE-2020-14058
- SECURITY UPDATE: improper Validation of Specified Index leads to Denial of
Service via TLS Handshake vulnerability
- debian/patches/CVE-2023-46724.patch: Fix validation of certificates with CN=* due to Buffer UnderRead in SSL CN Parsing issue (#1523)
- CVE-2023-46724
- SECURITY UPDATE: denial of Service vulnerability in HTTP Chunked decoder due
to uncontrolled recursion bug
- debian/patches/CVE-2024-25111.patch: Fix infinite recursion when parsing HTTP chunks, prevent progress in call chain by stopping HttpStateData recursion
- CVE-2024-25111
- SECURITY UPDATE: denial of Service vulnerability in the NTLM authentication
credentials parser due to incorrect input validation
- debian/patches/CVE-2020-8517.patch: Fix incorrect input validation allowing writing outside of buffer and leading to denial of service
- CVE-2020-8517
- SECURITY UPDATE: denial of Service vulnerability against HTTP header parsing
due to a Collapse of Data into Unsafe Value
- debian/patches/CVE-2024-25617.patch: Improve handling of expanding HTTP header values to prevent DoS
- CVE-2024-25617
- SECURITY UPDATE: denial of Service vulnerability by a trusted server
- debian/rules: Disable ESI due to unfixed multiple issues in ESI causing DoS by a trusted server
- debian/control: Remove dependencies used by ESI
- CVE-2024-45802
- SECURITY UPDATE: potential Denial of Service via TLS connection
- References