Lucene search
K

143 matches found

OSV
OSV
added 2026/06/09 5:17 p.m.9 views

ALPINE-CVE-2026-42766

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...

5.9CVSS5.4AI score0.00595EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.29 views

CVE-2026-42766

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...

5.9CVSS0.00595EPSS
Exploits0References6
OSV
OSV
added 2026/06/09 5:17 p.m.9 views

ALPINE-CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 4:3 p.m.72 views

CVE-2026-42768

The CVE-2026-42768 issue concerns Bleichenbacher-style side-channel attacks against CMS_decrypt() and PKCS7_decrypt() in OpenSSL. The vulnerability arises when processing CMS or S/MIME messages with multiple RecipientInfo entries (KTRI). In variant 1, decryption is attempted without a recipient c...

3.7CVSS5.5AI score0.0035EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.19 views

CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

9.1CVSS5.4AI score0.00237EPSS
Exploits0
CVE
CVE
added 2026/06/09 4:3 p.m.162 views

CVE-2026-9076

CVE-2026-9076 describes a heap out-of-bounds read in the OpenSSL CMS password-based decryption flow (RFC 3211 PWRI key unwrap). When processing attacker-supplied CMS data, using a stream-mode KEK cipher chosen via the PWRI keyEncryptionAlgorithm, the check-byte guard can be bypassed, causing a bu...

7.5CVSS5.7AI score0.00297EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team, capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...

3.7CVSS5.4AI score0.0035EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 6:18 p.m.10 views

JLSEC-2026-564 In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized...

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

8.1CVSS6.6AI score0.01745EPSS
Exploits1References4
OSV
OSV
added 2026/05/14 10:19 p.m.11 views

CLSA-2026-1778787445 Fix CVE(s): CVE-2026-28387, CVE-2026-28388, CVE-2026-28389

SECURITY UPDATE: Use-after-free / heap corruption in danematch of the X.509 verifier where the cached DANE-matched certificate was freed via OPENSSLfree instead of X509free, bypassing the X509 reference counting and freeing certificate fields that may still be referenced by other holders. An...

8.1CVSS7.3AI score0.01059EPSS
Exploits0References1
OSV
OSV
added 2026/05/02 1:7 a.m.9 views

CLSA-2026-1777547052 openssl: Fix of CVE-2026-28389

CVE-2026-28389: fix NULL pointer dereference in dhcmssetsharedinfo and ecdhcmssetsharedinfo when the CMS KeyEncryptionAlgorithmIdentifier parameter field is omitted...

7.5CVSS7.3AI score0.00805EPSS
Exploits0References1
Amazon
Amazon
added 2026/04/30 12:0 a.m.14 views

Medium: openssl

Issue Overview: NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NULL dereference when processing CMS KeyTransportRecipientInfo...

7.5CVSS5.2AI score0.01059EPSS
Exploits0
OSV
OSV
added 2026/04/27 6:33 p.m.14 views

JLSEC-2026-218 In situations where an attacker receives automated notification of the success or failure of a...

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

4.3CVSS6.1AI score0.03838EPSS
Exploits0References44
OSV
OSV
added 2026/04/23 3:53 p.m.8 views

SUSE-SU-2026:1577-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInf...

9.8CVSS5.7AI score0.01059EPSS
Exploits0References11
SUSE Linux
SUSE Linux
added 2026/04/23 7:6 a.m.5 views

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like Ya...

8.2CVSS5.7AI score0.00805EPSS
Exploits0References4
OSV
OSV
added 2026/04/22 9:41 a.m.5 views

SUSE-SU-2026:1550-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678...

7.5CVSS5.8AI score0.00805EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/04/17 10:3 a.m.6 views

Security update for openssl-3

This update for openssl-3 fixes the following issue: CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

8.2CVSS5.7AI score0.00805EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/04/11 8:2 a.m.11 views

Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo

...

7.5CVSS5.8AI score0.00805EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/04/11 8:2 a.m.5 views

Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

...

7.5CVSS5.8AI score0.00805EPSS
Exploits0
NVD
NVD
added 2026/04/09 11:17 p.m.12 views

CVE-2026-5295

A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wcPKCS7DecryptOri function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo ORI recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer...

8CVSS0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 11:10 p.m.6 views

CVE-2026-5392

Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7VerifySignedData...

2.3CVSS5.9AI score0.00159EPSS
Exploits0References2
Rows per page
Query Builder