150 matches found
Astra Linux - уязвимость в python3.7, php7.3
The Keccak XKCP SHA-3 reference implementation, prior to the update of fdc6fef, has an integer overflow and resulting buffer overflow issue. This vulnerability allows attackers to execute arbitrary code or compromise the expected cryptographic properties of the algorithm. This issue occurs within...
CLSA-2026-1776958842 python3: Fix of CVE-2022-37454
CVE-2022-37454: port xkcp fix for buffer overflows in the bundled sha-3 keccak sponge implementation...
CLSA-2026-1776942343 php: Fix of 7 CVEs
CVE-2021-21702: fix NULL pointer dereference in SoapClient - CVE-2021-21703: fix OOB R/W in root process leading to privilege escalation - CVE-2022-31625: don't free uninitialized parameters in pgqueryparams/pgsendexecute that have led to RCE - CVE-2022-31626: fix mysqlnd/pdo password of...
Malicious code in crypto-keccak-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ccdef7e115ae439427bb2217083ad601c38f443bc895d50f788929634a37c3 The package crypto-keccak-js was found to contain malicious code. Source: ghsa-malware 60c3cf139a71aed81d8181d9c87451c86895953c7d34095bd06553c9e406cc...
Malicious Package
Overview crypto-keccak-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2975 Malicious code in crypto-keccak-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ccdef7e115ae439427bb2217083ad601c38f443bc895d50f788929634a37c3 The package crypto-keccak-js was found to contain malicious code. Source: ghsa-malware 60c3cf139a71aed81d8181d9c87451c86895953c7d34095bd06553c9e406cc...
CVE-2026-3503
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...
EUVD-2026-13149
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator PRNG via induced transient faults in the Keccak-based expansion process. An attacker can compromise key material and cryptographic outcomes by physically manipulating seed or...
CVE-2026-3503
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...
CVE-2026-3503
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...
UBUNTU-CVE-2026-3503
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...
CVE-2026-3503 Fault injection attack with ML-DSA and ML-KEM on ARM
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...
CVE-2026-3503
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...
CVE-2026-3503
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...
CVE-2026-3503 Fault injection attack with ML-DSA and ML-KEM on ARM
Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. There is a security vulnerability in wolfSSL. This vulnerability stems from a protection mechanism that fails in the post-quantum...
Unsoundness in opt-in ARMv8 assembly backend for `keccak`
Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...
GHSA-3288-P39F-RQPV Unsoundness in opt-in ARMv8 assembly backend for `keccak`
Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...
RUSTSEC-2026-0012 Unsoundness in opt-in ARMv8 assembly backend for `keccak`
Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...