Exploit for Improper Handling of Length Parameter Inconsistency in Linux Linux_Kernel

🩸 CVE-2026-31635 – DirtyDecrypt Linux Kernel Local Priv...

JLSEC-2026-238 Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a...

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

gosaml2 CBC Padding Panic — Unauthenticated Process Crash

Summary The AES-CBC decryption path in DecryptBytes panics on crafted ciphertext whose plaintext is all zero bytes. After decryption, bytes.TrimRightdata, "\x00" empties the slice, then datalendata-1 panics with index out of range -1. There is no recover in the library. The panic propagates throu...

GHSA-HWQM-QVJ9-4JR2 gosaml2 CBC Padding Panic — Unauthenticated Process Crash

Summary The AES-CBC decryption path in DecryptBytes panics on crafted ciphertext whose plaintext is all zero bytes. After decryption, bytes.TrimRightdata, "\x00" empties the slice, then datalendata-1 panics with index out of range -1. There is no recover in the library. The panic propagates throu...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via discrepancies in processing invalid padding errors in legacy API mbedtlsciphercrypt and mbedtlscipherfinish functions and in the PSA Crypto API psacipherdecrypt and psacipherfinish functions when handling any other...

SUSE SLED15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:2620-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2620-1 advisory. - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM bsc1210714...

openSUSE 15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:2470-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2470-1 advisory. - Update to version 3.0.8 bsc1207541. - CVE-2022-40735: Fixed remote trigger of expensive server-side DHE modular-exponentiation with long exponents ...

K000133752: OpenSSL vulnerability CVE-2023-1255

Security Advisory Description Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash ...

CVE-2023-1255

The CVE-2023-1255 vulnerability affects OpenSSL’s AES-XTS decryption on 64-bit ARM, where the implementation may read beyond the ciphertext buffer (for ciphertext sizes that are 4 mod 5 in 16-byte blocks), causing a crash and potential denial of service. Affected OpenSSL deployments may crash if ...