794 matches found
CVE-2026-14969
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...
EUVD-2026-42052
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...
CVE-2026-14969
The CVE-2026-14969 entry concerns 389-ds-base. The LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC, enabling a privileged attacker with filesystem access to detect plaintext equality across encrypted entries by ciphertext block comparison. ...
CVE-2026-14969
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...
PT-2026-56200
Name of the Vulnerable Software and Affected Versions 389-ds-base affected versions not specified Description A flaw exists in the LDBM backend attribute encryption where a hardcoded static initialization vector is used for AES-CBC and 3DES-CBC operations. This allows an attacker with privileged...
CVE-2024-56141 Minosoft has IV equal to key
Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret...
GHSA-3CCM-4QQ2-5WRP Constrata's coordinator transit engine `ciphertextContainer.UnmarshalJSON` panics on attacker-controlled short ciphertexts
Summary ciphertextContainer.UnmarshalJSON decodes the third :-separated component of a vault:vX:base64... ciphertext and then unconditionally takes a 12-byte prefix slice for the AES-GCM nonce: c.nonce = fullCiphertext:aesGCMNonceSize. If the decoded blob is shorter than 12 bytes, the slice...
Linux Distros Unpatched Vulnerability : CVE-2026-6330
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2...
UBUNTU-CVE-2026-13758
CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form compares it against the computed tag with memNE memcmp != 0, which short-circuits on the first differing byte, so its run time depends on the...
EUVD-2026-39570
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...
CVE-2026-6330
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...
DEBIAN-CVE-2026-6330
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...
CVE-2026-6330
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...
CVE-2026-6330
CVE-2026-6330 : In ML-KEM targeting ARM64 NEON, the ciphertext comparison only checks half of the input. This breaks the Fujisaki-Okamoto transform’s implicit rejection, weakening IND-CCA2 security on that path. The constant-time comparison thus ignores part of the re-encrypted ciphertext, allowi...
CVE-2026-6330 ML-KEM ARM64 NEON ciphertext comparison only compares half of the input
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...
CVE-2026-10097
wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...
UBUNTU-CVE-2026-10097
wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...
EUVD-2026-39553
ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. The AVX2 constant-time ciphertext comparison used during decapsulation never compared the...
CVE-2026-10097
Summary: CVE-2026-10097 affects wolfSSL’s ML-KEM-1024 x64 AVX2 implementation. The Fujisaki-Okamoto decapsulation path performs an incomplete ciphertext check, failing to compare the final portion of the 1568-byte ciphertext. As a result, ciphertexts manipulated in those final bytes can bypass im...
CVE-2026-10097 ML-KEM-1024 x64 AVX2 incomplete cipher text comparison enables IND-CCA2 break and static private-key recovery
wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...