Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.13 views

openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

7.5CVSS5.4AI score0.00297EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/09 6:32 p.m.10 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in kekunwrapkey in the CMS component. An attacker supplying malicious CMS data can select a stream-mode KEK cipher via the OID in the PWRI keyEncryptionAlgorithm, defeating the block-length minimum-length guard so tha...

8.2CVSS7.3AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:31 p.m.23 views

EUVD-2026-35475

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

7.5CVSS5.7AI score0.00297EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.9 views

CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

5.7AI score0.00297EPSS
Exploits0References6
Rows per page
Query Builder