GHSA-HC3C-63HC-2R9F libcrux: Potential Panic on Overlong Ciphertext Buffer

An application that passes in a ciphertext buffer of length greater than ptxt.len + TAGLEN to libcruxchacha20poly1305::encrypt or libcruxchacha20poly1305::xchacha20poly1305::encrypt would experience a panic. Impact An application where the length of the ciphertext buffer is under attacker control...

CVE-2026-43336

A flaw was found in the Linux kernel's ChaCha cryptographic algorithm implementation. The permutedstate local variable, which is sufficient to compute the original cryptographic key, was not properly zeroized before leaving its scope. This oversight could allow an attacker to recover the...

EUVD-2026-28620

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

UBUNTU-CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

CVE-2026-43336

CVE-2026-43336 – linux kernel ChaCha secret handling : The vulnerability arises in lib/crypto: chacha where the permuted_state is not zeroized before leaving scope, allowing the original state (and thus the key) to be inferred after the permutation. The documented fix is to explicitly zeroize per...

CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the local variable permutedstate is not cleared before leaving its scope during...

PT-2026-38987

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permuted state before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permuted state' is sufficient to compute the original 'state', and thus the key, even after the...

Linux Distros Unpatched Vulnerability : CVE-2026-43336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to...

PT-2026-31863

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description The software fails to verify the authentication tag during ChaCha20-Poly1305 AEAD decryption, potentially returning plaintext to the caller even with an invalid tag. This occurs in the EVP...

CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

CVE-2026-5778

CVE-2026-5778 affects wolfSSL packet sniffer (

Malicious code in chacha-lite-encrypt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 705b86da323a21b157504bf4833b60c8aa90a57d6db5111716afe31c114b6c1d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

MAL-2026-1482 Malicious code in chacha-lite-encrypt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 705b86da323a21b157504bf4833b60c8aa90a57d6db5111716afe31c114b6c1d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

CVE-2026-27017

CVE-2026-27017 affects the uTLS fork of crypto/tls ( Versions 1.6.0–1.8.0 ) with GREASE ECH, causing a fingerprint mismatch with Chrome due to inconsistent cipher-suite selection between the outer ClientHello and ECH. Specifically, uTLS hardcodes AES for the outer cipher suite while randomly sele...

GHSA-7M29-F4HW-G2VX uTLS has a fingerprint vulnerability from GREASE ECH mismatch for Chrome parrots

There is a fingerprint mismatch with Chrome when using GREASE ECH, having to do with ciphersuite selection. When Chrome selects the preferred ciphersuite in the outer ClientHello and the ciphersuite for ECH, it does so consistently based on hardware support. That means, for example, if it prefers...