Improper Verification of Cryptographic Signature
Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDFs to derive a strong encryption key from a user-provided password and so ensure secure encryption of files. Affected versions of this...
GHSA-8H88-GXP3-J7PG openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys
Summary: The PublicKeyBundle.from_dict method in opensslencrypt/modules/keybundle.py (lines 329-361) creates bundles from untrusted data without verifying the signature. The docstring warns to call verify_signature after creation, but the to_identity method (lines 363-391) can convert an unverified...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by denial of service due to Python cryptography package
Summary The Python cryptography package is used by IBM Cloud Pak for Data System to provide cryptographic functionality. CVE-2024-0727 affects the underlying OpenSSL library used by the cryptography package. Processing a maliciously formatted PKCS12 file may cause a NULL pointer dereference in...
CVE-2026-34054
vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.13, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path attackable later on customer machines. This issue has been patched in version 3.6.13...
Low: openssl
Issue Overview: Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more...
Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1522)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1522 advisory. Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword...
Improper Check for Unusual or Exceptional Conditions
Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDFs to derive a strong encryption key from a user-provided password and so ensure secure encryption of files. Affected versions of this...
GHSA-425G-FJHQ-5H92 openssl-encrypt silently skips schema validation when jsonschema library is not installed
Summary: In opensslencrypt/modules/jsonvalidator.py (lines 234-238), when the jsonschema library is not installed, all schema validation is silently skipped with only a printed warning. Affected Code (python): `if not JSONSCHEMA_AVAILABLE: print(f"Warning: Cannot validate against schema '{schema_name}' -`...
Insufficient Entropy
Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDFs to derive a strong encryption key from a user-provided password and so ensure secure encryption of files. Affected versions of this...
GHSA-VFGX-5Q85-58Q3 openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection
Summary: The generate_pseudorandom_sequence function in opensslencrypt/plugins/steganography/core/utils.py (lines 89-91) uses Python's random module (Mersenne Twister) for steganographic pixel/sample selection. Affected Code (python): `random.seed(seed)`; `sequence = random.sample(range(max_value), min(length,`...
Credential Exposure
Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDFs to derive a strong encryption key from a user-provided password and so ensure secure encryption of files. Affected versions of this...
GHSA-H3M5-P59H-X88P openssl-encrypt has visible password in process list via --password CLI argument
Summary: Passwords passed via the --password / -p CLI argument in opensslencrypt/modules/cryptclisubparser.py (lines 150-154) are visible to any user on the system via `ps aux` or /proc/pid/cmdline. Affected Code (python): `subparser.add_argument("--password", "-p", help="Password will prompt if not`...
Allocation of Resources Without Limits or Throttling
Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDFs to derive a strong encryption key from a user-provided password and so ensure secure encryption of files. Affected versions of this...
Uncontrolled Search Path Element
Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDFs to derive a strong encryption key from a user-provided password and so ensure secure encryption of files. Affected versions of this...
Updated python-openssl packages fix security vulnerabilities
pyOpenSSL allows TLS connection bypass via an unhandled callback exception in set_tlsext_servername_callback. CVE-2026-27448. pyOpenSSL DTLS cookie callback buffer overflow. CVE-2026-27459...
K000160560: OpenSSL vulnerability CVE-2025-69420
Security Advisory Description: Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Respons...
K000160558: OpenSSL vulnerability CVE-2025-69419
Security Advisory Description: Issue summary: Calling the PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString (UTF-16BE) friendly name containing a non-ASCII BMP code point can trigger a one-byte write before the allocated buffer. Impact summary: The out-of-bounds write ca...
K000160557: OpenSSL vulnerability CVE-2025-69418
Security Advisory Description: Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes...