7 matches found
SUSE-SU-2026:2662-1 Security update for openssl-3-livepatches
This update for openssl-3-livepatches fixes the following issues - CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS12 MAC verification bsc1256878. - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256876. - CVE-2025-15468: NULL dereference in SSLCIPHERfi...
Astra Linux – Vulnerability in gnutls28
A vulnerability has been discovered in gnutls. This security flaw occurs due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutlspkcs7verify function...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in PKCS7verify. An attacker supplying a PKCS7 or S/MIME signed message whose SignedData digestAlgorithms field is an empty ASN.1 SET can cause a caller-owned BIO to be freed during verification. A subsequent use of that B...
CVE-2026-34610
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...
RUSTSEC-2026-0047 PKCS7_verify Signature Validation Bypass in AWS-LC
Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC. Applications using...
AlmaLinux 9 : openssl (ALSA-2026:1473)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1473 advisory. openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187 openssl: OpenSSL: Remote code execution or Deni...
AlmaLinux 10 : openssl (ALSA-2026:1472)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1472 advisory. openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187 openssl: OpenSSL: Remote code execution or...