
11 matches found

Amazon
added 2026/04/13 12:0 a.m., 7 views

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

CVSS 9.1, AI score 5.8, EPSS 0.00041, Exploits 0

Snyk
added 2026/04/10 12:11 a.m., 2 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the PKCS7VerifySignedData process. An attacker can cause the application to read memory outside the bounds of a heap buffer by submitting a specially crafted PKCS7 message. Remediation: Upgrade wolfssl to version...

CVSS 5.4, AI score 5.9, EPSS 0.00015, Exploits 0, References 2

OSV
added 2026/03/03 8:25 p.m., 0 views

GHSA-HFPC-8R3F-GW53 AWS-LC has PKCS7_verify Signature Validation Bypass

Summary: AWS-LC is an open-source, general-purpose cryptographic library. Impact: Improper signature validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need...

CVSS 7.5, AI score 6, EPSS 0.00015, Exploits 0, References 6

NVD
added 2026/03/02 10:16 p.m., 6 views

CVE-2026-3336

Improper certificate validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

CVSS 8.7, EPSS 0.00015, Exploits 0, References 3

CVE
added 2026/03/02 9:22 p.m., 9 views

CVE-2026-3338

The vulnerability CVE-2026-3338 arises from improper signature validation in PKCS7_verify() within the AWS-LC library, allowing an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Affected component: AWS-LC. Root cause: flawed sign...

CVSS 8.7, AI score 5.9, EPSS 0.00015, Exploits 0, References 3, Affected Software 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 9 : gnutls-3.7.6-12.el9, nettle-3.8-3.el9 (AXSA:2022-4094:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4094:01 advisory. gnutls: Double free during gnutls_pkcs7_verify. CVE-2022-2509 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 7.5, AI score 8.5, EPSS 0.00628, Exploits 0, References 2

CVE
added 2025/01/09 2:36 p.m., 46 views

CVE-2023-24011

CVE-2023-24011 is a DDS ecosystem vulnerability arising from non-compliant permission document verification and improper use of OpenSSL PKCS7_verify to validate S/MIME signatures. Attackers could craft malicious DDS Participants or ROS 2 Nodes with valid certificates to gain full control of a sec...

CVSS 8.2, AI score 8.1, EPSS 0.00163, Exploits 0, References 2

Vulnrichment
added 2025/01/09 2:36 p.m., 7 views

CVE-2023-24010 Data Distribution Service (DDS) Chain of Trust (CoT) violation in Fast DDS

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

CVSS 8.2, AI score 8.1, EPSS 0.00106, Exploits 0, References 2

OSV
added 2023/05/31 12:32 p.m., 2 views

CLSA-2023-1685536317 gnutls: Fix of CVE-2022-2509

CVE-2022-2509: Fix double free during gnutls_pkcs7_verify...

CVSS 7.5, AI score 6.9, EPSS 0.00628, Exploits 0, References 1

OSV
added 2023/05/31 12:28 p.m., 2 views

CLSA-2023-1685536090 gnutls: Fix of CVE-2022-2509

CVE-2022-2509: Fix double free during gnutls_pkcs7_verify...

CVSS 7.5, AI score 5.8, EPSS 0.00628, Exploits 0, References 1

CNNVD
added 2022/07/29 12:0 a.m., 2 views

GnuTLS Resource Management Error Vulnerability

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A resource management error vulnerability exists in GnuTLS that stems from a double release during gnutls_pkcs7_verify...

CVSS 7.5, AI score 7, EPSS 0.00628, Exploits 0, References 34