64 matches found
CVE-2026-3580
In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...
PT-2026-26340
Name of the Vulnerable Software and Affected Versions wolfSSL version 5.8.4 Description The software contains a flaw in the constant-time masking logic within the sp 256 get entry 256 9 function. When compiled with GCC targeting RISC-V RV32I using the -O3 optimization flag, the logic is altered...
CVE-2025-13912
Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks...
EUVD-2016-5056
Malware in sbrugna...
EUVD-2020-7291
Malware in sbrugna...
EUVD-2015-8921
Malware in sbrugna...
EUVD-2022-0419
Malicious code in bioql PyPI...
Compiler Optimization Removal or Modification of Security-critical Code
Overview Affected versions of this package are vulnerable to Compiler Optimization Removal or Modification of Security-critical Code due to a race condition in AESNI detection when certain compiler optimizations are applied. An attacker can extract sensitive cryptographic keys or perform...
CVE-2019-25054
An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...
GHSA-X4GP-PQPJ-F43Q curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...
CVE-2024-4141
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers...
UBUNTU-CVE-2024-4141
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers...
CVE-2024-4141
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers...
Mozilla: Out-of-bounds-read after mis-optimized switch statement
The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...
Missing Initialization of Resource in pnet
An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...
GHSA-24G6-5RX7-58WJ Missing Initialization of Resource in pnet
An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...
CVE-2019-25054
An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...
GHSA-R6FF-2Q3C-V3PV Compiler optimisation leads to SEGFAULT
Affected versions of the pnet crate were optimized out by compiler, which caused dereference of uninitialized file descriptor which caused segfault...
Xen Paging Tables Race Condition (XSA-328)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT nested paging tables, X...
CVE-2020-15294
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would...