JLSEC-2026-256 Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can...

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of the AES-GCM authentication tag length in the wcPKCS7DecodeAuthEnvelopedData function. An attacker can bypass authentication by truncating the authentication tag, significantly...

OESA-2026-1311 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

SUSE CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow when parsing a CMS AuthEnvelopedData message. An attacker can trigger a crash by supplying AEAD ciphers such as AES-GCM with malicious initialization vectors. These are encoded in the ASN.1 parameters and...

CVE-2025-15467 Stack buffer overflow in CMS (Auth)EnvelopedData parsing

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...