CVE-2022-41090 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

CVE-2022-41090 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

This vulnerability is due to a denial of service vulnerability when the Point-to-Point Protocol (PtP) is enabled on an interface. This can be exploited by an attacker to crash the targeted system.

Mitigation

The vendor has released a patch for this vulnerability.
On Linux, the vendor has released a patch. For Red Hat Enterprise Linux, the vendor has released a patch. On Microsoft Windows, the vendor has released a patch.
On FreeBSD 11.3, the vendor has released a patch.

CVE-2023-21158 - OpenSSL Vulnerability - This is a serious vulnerability in OpenSSL. It could allow an attacker to downgrade the security of an OpenSSL encrypted connection in a man-in-the-middle scenario. This could allow the attacker to decrypt and forge data (for example, during a financial attack, or a mission-critical application with sensitive data). This CVE ID is unique from CVE-2023-21157.

CVE-2024-20271 - OpenSSL Vulnerability - This is a serious vulnerability in OpenSSL. It could allow an attacker to downgrade the security of an OpenSSL encrypted connection in a man-in-the-middle scenario. This could allow the attacker to decrypt and forge data (for example, during a financial attack, or a mission-critical application with sensitive data). This CVE ID is unique from CVE-2024-20272.

CVE-2024-

Researchers of Mathy Vanhoef, of the

Computer Laboratory of KU Leuven, have discovered a vulnerability in
OpenSSL that could allow an attacker to intercept and modify HTTPS traffic to a web server. This vulnerability is unique from CVE-2024-20271, CVE-2024-20272, and CVE-2023-21157.

CVE-2025-20047 - OpenSSL Vulnerability - This is a serious vulnerability in OpenSSL. It could allow an attacker to downgrade the security of an SSL/TLS connection in a man-in-the-middle scenario. This could allow the attacker to decrypt and forge data (for example, during a financial attack, or a mission-critical application with sensitive data).This CVE ID is unique from CVE-2015-7575 and CVE-2015-7679.

Overview of OpenSSL Vulnerabilities

OpenSSL vulnerability overview.

Summary

The OpenSSL project provides a free and open-source cryptographic library used by many applications. On April 14, 2019, two vulnerabilities were announced by the OpenSSL Project that could allow an attacker to decrypt and forge data during a financial attack or a mission-critical application with sensitive data.
On April 14, 2019, these vulnerabilities were discussed in the following blogs:

Mitigation

On Linux, the vendor has released a patch. For Red Hat Enterprise Linux, the vendor has released a patch. On Microsoft Windows, the vendor has released a patch. On FreeBSD 11.3, the vendor has released a patch.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe