Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2025-69421)

Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex function does not check whether...

SUSE CVE-2026-7383

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

EUVD-2026-35474

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

CLSA-2026-1779355433 Fix CVE(s): CVE-2026-3833

SECURITY UPDATE: nameConstraints case-sensitive comparison bypass - debian/patches/CVE-2026-3833.patch: perform case-insensitive comparison of dNSName and rfc822Name domain labels in X.509 nameConstraints processing, fixing excludedSubtrees / permittedSubtrees bypass via letter-casing in the SAN....

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

Astra Linux – Vulnerability in libtasn1-6

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even cause the system to crash. This flaw allows an attacker to send a specially crafted...

Astra Linux – Vulnerability in OpenSSL

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems such as OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS without a message size limit may...

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-098 (ALASNITRO-ENCLAVES-2026-098)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-098 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the G...

JLSEC-2026-225 Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

CLSA-2026-1777310722 openldap: Fix of 15 CVEs

CVE-2019-13565: SASL session encryption SSF not reset on new connection, allowing downgrade - CVE-2020-12243: slapd crash via deeply nested LDAP search filter boolean expressions - CVE-2020-25692: NULL pointer dereference in slapd during modRDN request - CVE-2020-25709: slapd assertion failure...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Inefficient Algorithmic Complexity in crypto/x509 [CVE-2025-58187]

Summary IBM Watson Speech Services Cartridge is vulnerable to Inefficient Algorithmic Complexity in crypto/x509, due to non-linear processing time of some inputs scale with respect to the size of the certificate CVE-2025-58187. Crypto/x509 is used in our speech utilities. This vulnerabilitiy has...

DEBIAN-CVE-2026-5447

Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension...

CVE-2026-5447

Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension...

CVE-2026-32280

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...

Important: Red Hat Security Advisory: OpenShift Source To Image 1.6.0

OpenShift Source To Image 1.6.0 Release Release of OpenShift Source To Image 1.6.0...

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWall SonicOS, which stems from a stack buffer overflow in certificate processing. This vulnerability could allow...