23278 matches found
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a specially crafted CMS EnvelopedData message with a missing optional parameters field in the KeyEncryptionAlgorithmIdentifier, leading to ...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a crafted CMS EnvelopedData message with a missing optional parameters field in the RSA-OAEP SourceFunc algorithm identifier. Notes: - This...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the RSASVE encapsulation process. An attacker can obtain sensitive information by supplying an invalid RSA public key and triggering the use of uninitialized memory contents as...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the hexadecimal conversion process of excessively large OCTET STRING values in X.509 certificate extensions such as Subject Key Identifier or Authority Key Identifier. An attacker can cause a crash, execute...
CVE-2026-28390 affecting package openssl for versions less than 3.3.5-5
CVE-2026-28390 affecting package openssl for versions less than 3.3.5-5. A patched version of the package is available...
CVE-2026-28388 affecting package openssl for versions less than 3.3.5-5
CVE-2026-28388 affecting package openssl for versions less than 3.3.5-5. A patched version of the package is available...
CVE-2026-28389 affecting package openssl for versions less than 3.3.5-5
CVE-2026-28389 affecting package openssl for versions less than 3.3.5-5. A patched version of the package is available...
CVE-2026-31790 affecting package openssl for versions less than 3.3.5-5
CVE-2026-31790 affecting package openssl for versions less than 3.3.5-5. A patched version of the package is available...
CVE-2026-31789 affecting package openssl for versions less than 3.3.5-5
CVE-2026-31789 affecting package openssl for versions less than 3.3.5-5. A patched version of the package is available...
DEBIAN-CVE-2026-31789
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker c...
DEBIAN-CVE-2026-31790
Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...
DEBIAN-CVE-2026-28388
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...
DEBIAN-CVE-2026-28386
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...
CVE-2026-31790
Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...
[SECURITY] [DSA 6201-1] openssl security update
Debian Security Advisory DSA-6201-1, https://www.debian.org/security/, Salvatore Bonaccorso, April 07, 2026, https://www.debian.org/security/faq ...
CVE-2026-31790
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...
Exploit for Out-of-bounds Write in Openssl
No d...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Seven vulnerabilities in OpenSSL library. Highest classification Moderate...
OpenSSL Security Vulnerability
OpenSSL is an open-source encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
OpenSSL Security Vulnerability
OpenSSL is an open-source encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...