4 matches found
openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption
A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in kekunwrapkey in the CMS component. An attacker supplying malicious CMS data can select a stream-mode KEK cipher via the OID in the PWRI keyEncryptionAlgorithm, defeating the block-length minimum-length guard so tha...
EUVD-2026-35475
Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...