Lucene search
K

159 matches found

CVE
CVE
added 2026/01/27 4:1 p.m.173 views

CVE-2026-22796

OpenSSL vulnerability CVE-2026-22796 is a type confusion in PKCS#7 signature verification (PKCS7_digest_from_attributes). The issue arises when an ASN1_TYPE union member is read without validating its type, leading to invalid/NULL pointer dereference and a Denial of Service during processing malf...

5.3CVSS5.9AI score0.00502EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/27 4:1 p.m.9 views

CVE-2026-22796

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

5.3CVSS5.9AI score0.00502EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/01/27 4:1 p.m.42 views

CVE-2026-22795 Missing ASN1_TYPE validation in PKCS#12 parsing

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

0.00144EPSS
Exploits1References6
EUVD
EUVD
added 2026/01/27 4:1 p.m.6 views

EUVD-2026-4815

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

5.9AI score0.00144EPSS
Exploits1References6
EUVD
EUVD
added 2026/01/27 4:1 p.m.9 views

EUVD-2025-206393

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...

6.2AI score0.00844EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/01/27 4:1 p.m.6 views

CVE-2025-69421

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...

6.2AI score0.00844EPSS
Exploits1References7Affected Software1
AlpineLinux
AlpineLinux
added 2026/01/27 4:1 p.m.4 views

CVE-2025-69421

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...

7.5CVSS6.2AI score0.00844EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/01/27 4:1 p.m.3 views

CVE-2025-69420 Missing ASN1_TYPE validation in TS_RESP_verify_response() function

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

5.9AI score0.00768EPSS
Exploits1References6
CVE
CVE
added 2026/01/27 4:1 p.m.50 views

CVE-2025-69420

CVE-2025-69420 is an OpenSSL vulnerability: a type confusion in the TimeStamp Response verification path (TS_RESP_verify_response) where an ASN1_TYPE union member is used without type validation, enabling a NULL dereference and Denial of Service. OpenSSL 3.0, 3.3, 3.4, 3.5, 3.6 and 1.1.1 are list...

7.5CVSS5.9AI score0.00768EPSS
Exploits1References7Affected Software1
AlpineLinux
AlpineLinux
added 2026/01/27 4:1 p.m.4 views

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5CVSS5.9AI score0.00768EPSS
Exploits1
CVE
CVE
added 2026/01/27 4:1 p.m.114 views

CVE-2025-69419

CVE-2025-69419 is an OpenSSL vulnerability arising from PKCS12_get_friendlyname() processing of attacker-supplied PKCS#12 BMPString names. The root cause is in OPENSSL_uni2utf8(): during the second pass, bmp_to_utf8() forwards the remaining UTF-16 source byte count as the destination capacity to ...

7.4CVSS6AI score0.00444EPSS
Exploits1References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/27 4:1 p.m.5 views

CVE-2025-69418 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

5.7AI score0.00115EPSS
Exploits1References6
EUVD
EUVD
added 2026/01/27 4:1 p.m.5 views

EUVD-2025-206396

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

5.7AI score0.00115EPSS
Exploits1References6
CVE
CVE
added 2026/01/27 4:1 p.m.47 views

CVE-2025-69418

CVE-2025-69418 affects OpenSSL when using the low-level OCB API (CRYPTO_ocb128_encrypt/decrypt) with non-block-aligned lengths on hardware-accelerated builds. The trailing 1–15 bytes of a message may be left unencrypted and unauthenticated, exposing or tampering with data. The issue does not affe...

4CVSS5.7AI score0.00115EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2026/01/27 4:1 p.m.71 views

CVE-2025-68160

CVE-2025-68160 describes a heap-based out-of-bounds write in OpenSSL’s BIO_f_linebuffer filter when a BIO chain writes large, newline-free data with subsequent short writes. This can cause memory corruption and a Denial of Service. Affected products/versions include OpenSSL 3.6, 3.5, 3.4, 3.3, 3....

4.7CVSS5.8AI score0.00152EPSS
Exploits1References7Affected Software1
AlpineLinux
AlpineLinux
added 2026/01/27 4:1 p.m.5 views

CVE-2025-68160

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

4.7CVSS5.8AI score0.00152EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/01/27 4:1 p.m.3 views

CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS5.7AI score0.00115EPSS
Exploits1
EUVD
EUVD
added 2026/01/27 4:1 p.m.6 views

EUVD-2025-206397

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

5.8AI score0.00152EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/01/27 4:1 p.m.5 views

CVE-2025-68160

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

5.8AI score0.00152EPSS
Exploits1References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/27 4:1 p.m.5 views

CVE-2025-68160 Heap out-of-bounds write in BIO_f_linebuffer on short writes

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

5.8AI score0.00152EPSS
Exploits1References6
Rows per page
Query Builder