Linux Distros Unpatched Vulnerability : CVE-2026-45446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty...

EUVD-2026-35490

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

ALPINE-CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

JLSEC-2026-240 Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty...

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

MiracleLinux 9 : openssl-3.0.7-27.el9.ML.1 (AXSA:2024-7908:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7908:04 advisory. openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries CVE-2023-2975 openssl: Excessive time...

EUVD-2023-34417

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-2975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequenc...

AES-SIV implementation ignores empty associated data entries

...

CBL Mariner 2.0 Security Update: hvloader (CVE-2023-2975)

The version of hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2975 advisory. - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated...

Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-9333)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9333 advisory. - Fix CVE-2024-6119: Possible denial of service in X.509 name checks Resolves: RHEL-55339 - Fix CVE-2024-5535: SSLselectnextproto buffer overread...

CLSA-2024-1718291413 openssl: Fix of 6 CVEs

CVE-2024-0727: Fix NULL pointer dereference in processing PKCS12 files, preventing potential DoS attack - CVE-2023-6129: Fix POLY1305 MAC implementation bug that corrupts internal state on PowerPC CPUs with vector instructions - CVE-2023-5678: Fix issue with excessively long X9.42 DH keys or...

Low: Red Hat Security Advisory: openssl and openssl-fips-provider security update

An update for openssl and openssl-fips-provider is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries

A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can...

RHEL 9 : openssl and openssl-fips-provider (RHSA-2024:2447)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2447 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Low: openssl and openssl-fips-provider security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entri...

ALSA-2024:2447 Low: openssl and openssl-fips-provider security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entri...

CentOS 9 : openssl-3.0.7-25.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.0.7-25.el9 build changelog. - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are...

openssl security update

1:3.0.7-25.0.1 - Replace upstream references Orabug: 34340177 1:3.0.7-25 - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evpproperties section in main OpenSSL configuration fi...