Lucene search
K

31 matches found

EUVD
EUVD
added 4 days ago4 views

EUVD-2026-41891

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...

5.5CVSS6AI score0.00109EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-40257

CVE-2026-40257 affects OP-TEE (Trusted Execution Environment) for Cortex-A with TrustZone. From versions 3.21.0 up to, but not including, 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error that can cause a massive heap overflow, corrupting all TEE kernel me...

5.5CVSS6AI score0.00109EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-40257 OP-TEE has SHA-3 accelerated finalize heap overflow

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...

5.5CVSS0.00109EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-40257

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...

5.5CVSS6AI score0.00109EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Python 3.7, PHP 7.3

The Keccak XKCP SHA-3 reference implementation, prior to the update of fdc6fef, has an integer overflow and resulting buffer overflow issue. This vulnerability allows attackers to execute arbitrary code or compromise the expected cryptographic properties of the algorithm. This issue occurs within...

9.8CVSS8AI score0.05193EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : php-8.0.27-1.el9 (AXSA:2023-5186:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5186:02 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cook...

9.8CVSS7.8AI score0.49336EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001159)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001159 advisory. The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a loc...

7.8CVSS6.5AI score0.00561EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002544)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002544 advisory. The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a loc...

7.8CVSS6.5AI score0.00561EPSS
Exploits0References24
OSV
OSV
added 2025/12/27 9:4 a.m.27 views

RLSA-2023:2903 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.4.33. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...

8.1CVSS9.4AI score0.49336EPSS
Exploits7References7
Tenable Nessus
Tenable Nessus
added 2025/12/27 12:0 a.m.5 views

RockyLinux 8 : php:7.4 (RLSA-2023:2903)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2903 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-' cooki...

9.8CVSS7.4AI score0.49336EPSS
Exploits7References13
OSV
OSV
added 2025/12/04 5:24 p.m.12 views

GHSA-2CGV-28VR-RV6J libcrux incorrectly calculates on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

8.8CVSS5.8AI score
Exploits0References5
RustSec
RustSec
added 2025/12/04 12:0 p.m.9 views

Incorrect calculation on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

7AI score
Exploits0Affected Software1
Packet Storm News
Packet Storm News
added 2025/08/28 12:0 a.m.6 views

Microarchitecture Design and Benchmarking of Custom SHA-3 Instruction for RISC-V

Integrating cryptographic accelerators into modern CPU architectures presents unique microarchitectural challenges, particularly when extending instruction sets with complex and multistage operations. Hardware-assisted cryptographic instructions, such as Intel's AES-NI and ARM's custom instructio...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-17806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing ...

7.8CVSS6.4AI score0.00561EPSS
Exploits0References2
OSV
OSV
added 2023/11/29 3:46 p.m.6 views

USN-6524-1 pypy3 vulnerability

Nicky Mouha discovered that PyPy incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause PyPy to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS6.9AI score0.05193EPSS
Exploits1References2
Amazon
Amazon
added 2023/09/25 12:0 a.m.5 views

Important: python38

Issue Overview: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVE-2022-37454 Affected...

9.8CVSS8.3AI score0.05193EPSS
Exploits1
Amazon
Amazon
added 2023/09/13 12:0 a.m.4 views

Important: php

Issue Overview: In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead ...

9.8CVSS8AI score0.05193EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2023/05/16 9:8 a.m.4 views

XKCP: buffer overflow in the SHA-3 reference implementation

A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic...

9.8CVSS7AI score0.05193EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:36 a.m.4 views

SUSE CVE-2017-17806

The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AFALG-based hash interface CONFIGCRYPTOUSERAPIHASH and the SHA-3 hash algorithm CONFIGCRYPTOSHA3 to caus...

3.6CVSS6.4AI score0.00561EPSS
Exploits0References15
OSV
OSV
added 2023/01/06 11:4 a.m.3 views

OESA-2023-1023 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing adatabase-enabled webpage with PHP is...

9.8CVSS9.5AI score0.05193EPSS
Exploits1References2
Rows per page
Query Builder