Browse all 3 CVE security advisories affecting tlsfuzzer. AI-powered Chinese analysis, POCs, and references for each vulnerability.
TLSfuzzer is a Python-based tool designed for testing TLS implementations by crafting and sending custom protocol messages. Its core use case involves identifying implementation flaws in TLS libraries and servers. Historically, it has uncovered vulnerabilities including remote code execution, denial-of-service conditions, and protocol bypasses. The tool has contributed to three CVEs, primarily focusing on logic errors and state machine inconsistencies in TLS handshakes. TLSfuzzer's approach emphasizes protocol compliance testing rather than cryptographic weaknesses, making it effective for finding edge cases that might be missed by other scanners. Its findings have led to security patches in major TLS implementations, demonstrating its value in improving protocol security.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33936 | python-ecdsa: Denial of Service via improper DER length validation in crafted private keys — python-ecdsaCWE-20 | 5.3 | Medium | 2026-03-27 |
| CVE-2024-23342 | python-ecdsa vulnerable to Minerva attack on P-256 — python-ecdsaCWE-203 | 7.4 | High | 2024-01-22 |
This page lists every published CVE security advisory associated with tlsfuzzer. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.