RockyLinux 9 : openssl (RLSA-2026:25239)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25239 advisory. openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-7383 openssl: OpenSSL: Denial of Service due to...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenSSL vulnerabilities (USN-8414-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8414-1 advisory. Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the osslcmsRecipientInfopwricrypt function. An attacker who supplies a malicious password-encrypted CMS message can crash an application, because the PasswordRecipientInfo.keyDerivationAlgorithm field is...

USN-8414-1: OpenSSL vulnerabilities

Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or obtain sensitive information. CVE-2026-34180 Pavol Zacik and Alex Gaynor discovered that OpenSSL...

JLSEC-2026-266

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

OESA-2025-2899 compat-openssl11 security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read an...

OESA-2025-2898 compat-openssl11 security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read an...

OESA-2025-2897 compat-openssl11 security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read an...

Siemens SIMATIC Devices and SCALANCE Out-of-bounds Write (CVE-2025-9230)

An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corrupti...

EUVD-2025-31729

Malicious code in bioql PyPI...

CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

UBUNTU-CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

Memory Corruption

firefox is vulnerable to memory corruption vulnerability. Crafted CMS messages are incorrectly processed, leading to invalid memory reads, and potentially further memory corruption...

CVE-2022-31741

The Mozilla Foundation Security Advisory describes this flaw as: A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption...