Lucene search
+L

1575 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.9 views

EUVD-2026-39579

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

5.9CVSS5.9AI score0.00111EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.12 views

CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS0.00111EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 10:17 p.m.11 views

CVE-2026-7532

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

7.5CVSS0.00155EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:17 p.m.5 views

DEBIAN-CVE-2026-7532

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:17 p.m.5 views

DEBIAN-CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS5.8AI score0.00111EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:17 p.m.5 views

UBUNTU-CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS5.8AI score0.00111EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 10:16 p.m.8 views

UBUNTU-CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:31 p.m.9 views

CVE-2026-7532

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

5.7CVSS5.8AI score0.00155EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/25 9:31 p.m.9 views

CVE-2026-7532

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 9:18 p.m.13 views

CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS5.8AI score0.00111EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/25 9:18 p.m.27 views

CVE-2026-8720 HMAC-BLAKE2 final discards message when key length exceeds block size

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

5.9CVSS0.00111EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/25 9:18 p.m.9 views

CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS5.8AI score0.00111EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:16 p.m.7 views

CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/25 9:16 p.m.23 views

CVE-2026-10098

CVE-2026-10098: In wolfSSL_OCSP_resp_find_status, OCSP CertID serial-number length-confusion allows a same-issuer SingleResponse whose serial is a prefix of the target’s to be reported as the status of another certificate. The vulnerability arises because the lookup compares serial-number bytes w...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 9:16 p.m.8 views

CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 9:16 p.m.12 views

CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

8.8CVSS0.00385EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 9:16 p.m.18 views

CVE-2026-6681

The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...

5.3CVSS0.00256EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:16 p.m.4 views

DEBIAN-CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

7.5CVSS6AI score0.00385EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 9:16 p.m.6 views

UBUNTU-CVE-2026-6681

The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...

5.3CVSS5.9AI score0.00256EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 9:16 p.m.4 views

UBUNTU-CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

8.8CVSS6AI score0.00385EPSS
Exploits0References5
Rows per page
Query Builder