Uncovered Vulnerabilities
mmaehren edited this page Sep 28, 2024
- ALPACA. https://alpaca-attack.com/. CVE-2021-3618 (https://nvd.nist.gov/vuln/detail/CVE-2021-3618).
- Raccoon Attack. https://raccoon-attack.com/.
- TLS padding oracle attacks. https://github.com/tls-attacker/TLS-Padding-Oracles.
- AWS Application Load Balancer Session Ticket Issue. AWS used zero bytes for their session ticket encryption keys (STEKs) in their AWS application load balancers. https://aws.amazon.com/security/security-bulletins/AWS-2021-002/. Presented in the paper We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets by Hebrok et al.
- Direct Raccoon vulnerability in several F5 products. CVE-2020-5929 (https://nvd.nist.gov/vuln/detail/CVE-2020-5929, https://support.f5.com/csp/article/K91158923). Presented in the paper Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E) by Merget et al.
- Raccoon attack on OpenSSL. CVE-2020-1968 (https://nvd.nist.gov/vuln/detail/CVE-2020-1968, https://openssl-library.org/news/secadv/20200909.txt). Presented in the paper Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E) by Merget et al.
- Raccoon attack mitigation in Mozilla Firefox. CVE-2020-12413 (https://nvd.nist.gov/vuln/detail/CVE-2020-12413). Presented in the paper Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E) by Merget et al.
- Raccoon attack on Microsoft products. CVE-2020-1596 (https://nvd.nist.gov/vuln/detail/CVE-2020-1596, https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1596). Presented in the paper Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E) by Merget et al.
- OpenSSL Security Advisory: 0-byte record padding oracle. CVE-2019-1559. Presented in the paper Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities by Merget et al.
- TLS Padding Oracle Vulnerability in Citrix Application Delivery Controller (ADC) and NetScaler Gateway. CVE-2019-6485. Presented in the paper Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities by Merget et al.
- TMM TLS virtual server vulnerability. CVE-2019-6593. Presented in the paper Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities by Merget et al.
- SonicOS & SonicOSv CBC Cipher TLS Padding Vulnerability. CVE-2019-7477. Presented in the paper Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities by Merget et al.
- CBC padding oracle vulnerability in Oracle HTTP Server. Oracle Critical Patch Update Advisory - July 2019. Presented in the paper Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities by Merget et al.
- MatrixSSL 3.8.2 Bleichenbacher attack, see Side Channel Vulnerability on RSA Cipher Suites. Presented in the paper Systematic fuzzing and testing of TLS libraries by Somorovsky.
- OpenSSL padding oracle in AES-NI CBC MAC check: CVE-2016-2107, see also Curious Padding oracle in OpenSSL or Yet Another Padding Oracle in OpenSSL CBC Ciphersuites. Presented in the paper Systematic fuzzing and testing of TLS libraries by Somorovsky.
- CBC padding oracle attack on Botan. CVE-2015-7824. Presented in the paper Systematic fuzzing and testing of TLS libraries by Somorovsky.
- CBC padding oracle attack on MatrixSSL. Access Violation on Malicious TLS Record. Presented in the paper Systematic fuzzing and testing of TLS libraries by Somorovsky.
- Failure to enforce X.509 name constraints on alternative names. https://botan.randombit.net/security.html. Presented in the thesis On the Security of TLS Client Certificate Authentication by Korth.
- MatrixSSL CBC padding oracle vulnerability. CVE-2022-23809. Presented in the paper TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries by Maehren et al.
- CVE-2022-2576, CVE-2023-21835, and CVE-2022-34293. Allow remote attackers to cause a denial of service via DTLS. Presented in the paper Exploring the Unknown DTLS Universe: Analysis of the DTLS Server Ecosystem on the Internet by Erinola et al.
- A DoS parsing bug in the MatrixSSL TLS 1.3 client. Presented in the paper TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries by Maehren et al.
- State machine vulnerability enabling client-authentication bypass in Java Secure Socket Extension (JSSE). CVE-2020-2655 (https://nvd.nist.gov/vuln/detail/CVE-2020-2655). Presented in the paper Analysis of DTLS Implementations Using Protocol State Fuzzing by Fiterau-Brostean et al.
- State machine vulnerability in PionDTLS allowed for sending unencrypted application data in epoch 0. Presented in the paper Analysis of DTLS Implementations Using Protocol State Fuzzing by Fiterau-Brostean et al.
- Denial of Service and infinite loop in the TLS client. CVE-2021-44718 (https://nvd.nist.gov/vuln/detail/CVE-2021-44718). Presented in the paper The Closer You Look, The More You Learn: A Grey-box Approach to Protocol State Machine Learning by McMahon Stone et al.
- Botan 1.11.28, out-of-bounds read (not exploitable) by sending empty TLS records, see Botan Version 1.11.29. Presented in the paper Systematic fuzzing and testing of TLS libraries by Somorovsky.
- OpenSSL server silently accepts ClientHello messages with invalid Extension lengths. https://github.com/openssl/openssl/issues/265. Presented in the paper Systematic fuzzing and testing of TLS libraries by Somorovsky