{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/crypto/tls/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-32283"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","tls","crypto/tls"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-32283 describes a vulnerability within the crypto/tls component related to the processing of TLS 1.3 KeyUpdate records. The core issue stems from the lack of proper authentication for these KeyUpdate records. An attacker exploiting this flaw can send unauthenticated KeyUpdate records to a vulnerable server. The server, upon processing these records, may retain connections persistently or enter a denial-of-service (DoS) state due to resource exhaustion. This vulnerability poses a significant risk to systems relying on TLS 1.3 for secure communication. While the specific vulnerable products are not detailed in the source, the report does mention Microsoft as the affected vendor. Defenders must identify and patch the vulnerable crypto/tls implementations to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker establishes a TLS 1.3 connection with a vulnerable server.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious TLS 1.3 KeyUpdate record without proper authentication.\u003c/li\u003e\n\u003cli\u003eAttacker sends the unauthenticated KeyUpdate record to the target server over the established TLS connection.\u003c/li\u003e\n\u003cli\u003eThe vulnerable crypto/tls implementation on the server processes the malformed KeyUpdate record.\u003c/li\u003e\n\u003cli\u003eDue to the lack of proper validation, the server\u0026rsquo;s connection state becomes inconsistent.\u003c/li\u003e\n\u003cli\u003eThe server retains the connection persistently due to the invalid state.\u003c/li\u003e\n\u003cli\u003eAttacker repeats steps 2-6 to exhaust server resources with numerous persistent connections.\u003c/li\u003e\n\u003cli\u003eThe server enters a denial-of-service (DoS) condition, becoming unresponsive to legitimate requests.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32283 can lead to a denial-of-service condition, rendering affected servers unavailable. The number of affected victims will vary based on the deployment of vulnerable crypto/tls implementations. Services relying on TLS 1.3 for secure communication are at risk. If the attack succeeds, legitimate users will be unable to access the affected services, potentially causing significant disruption and financial losses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIdentify all systems using the crypto/tls component from Microsoft to determine if they are vulnerable to CVE-2026-32283.\u003c/li\u003e\n\u003cli\u003eApply the security updates released by Microsoft to patch CVE-2026-32283 on all affected systems as soon as they are available, according to the Microsoft Security Update Guide.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious TLS KeyUpdate records, focusing on malformed or unauthenticated packets using a network intrusion detection system (NIDS).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T08:43:55Z","date_published":"2026-04-30T08:43:55Z","id":"/briefs/2026-04-tls-keyupdate-dos/","summary":"CVE-2026-32283 is a vulnerability in crypto/tls that allows unauthenticated TLS 1.3 KeyUpdate records, leading to persistent connection retention and a denial-of-service condition.","title":"CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate DoS Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-tls-keyupdate-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Crypto/Tls","version":"https://jsonfeed.org/version/1.1"}