Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/09 4:3 p.m.38 views

CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

0.00259EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.10 views

CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

5.4AI score0.00259EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 4:3 p.m.57 views

CVE-2026-42770

CVE-2026-42770 affects OpenSSL FIPS modules (4.0, 3.6, 3.5, 3.4, 3.0) and related deployments using EVP_PKEY_derive_set_peer() with DHX/X9.42 keys. The vulnerability arises when the subgroup check Y^q ≡ 1 (mod p) uses the peer’s q instead of the local key’s q, allowing a malicious X9.42 peer to c...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/09 12:0 a.m.5 views

UBUNTU-CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

3.7CVSS5.2AI score0.00259EPSS
Exploits0References4
Rows per page
Query Builder