891 matches found
CVE-2026-50722
Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...
EulerOS 2.0 SP15 : python-pyasn1 (EulerOS-SA-2026-2504)
According to the versions of the python-pyasn1 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by...
CVE-2026-57914 Apache Kerby: StackOverflow on parsing deeply nested ASN1 structures
By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:2614-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2614-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:2598-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2598-1 advisory. This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...
libtasn1 security update
An update is available for libtasn1. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A library that provides Abstract Syntax Notation One ASN.1, as specified by...
RLSA-2026:28235 Low: libtasn1 security update
A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Security Fixes: libtasn1: libtasn1: Denial of Service via stack-based...
SUSE-SU-2026:2614-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption bsc1266349. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341....
Low: Red Hat Security Advisory: libtasn1 security update
An update for libtasn1 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
SUSE-SU-2026:2598-1 Security update for openssl-3
This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...
OPENSUSE-SU-2026:21005-1 Security update for openssl-3
This update for openssl-3 fixes the following issues - CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group bsc1259652. - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based...
OPENSUSE-SU-2026:11079-1 ghc-crypton-asn1-parse-0.10.0-1.1 on GA media
These are all security issues fixed in the ghc-crypton-asn1-parse-0.10.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11078-1 ghc-crypton-asn1-encoding-0.10.0-1.1 on GA media
These are all security issues fixed in the ghc-crypton-asn1-encoding-0.10.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11080-1 ghc-crypton-asn1-types-0.4.1-1.1 on GA media
These are all security issues fixed in the ghc-crypton-asn1-types-0.4.1-1.1 package on the GA media of openSUSE Tumbleweed...
Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1853)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1853 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitiveelement whose content exceeds 2 gigabytes in length may cause a heap bufferover-read on 64-bit Unix and Unix-like...
Amazon Linux 2 : edk2, --advisory ALAS2-2026-3363 (ALAS-2026-3363)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3363 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitiveelement whose content exceeds 2 gigabytes in length may cause a heap bufferover-read on 64-bit Unix and Unix-like...
SUSE-SU-2026:2404-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption bsc1266349. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341....
SUSE-SU-2026:2403-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption bsc1266349. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341....
Security update for openssl-3
This update for openssl-3 fixes the following issues CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...
RLSA-2026:25237 Important: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...