
6 matches found

OSV
added 2026/01/26 11:11 a.m. · 0 views

SUSE-SU-2026:0291-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: - CVE-2026-22791: Fixed an issue where supplying a malformed compressed EC public key can lead to heap corruption or denial-of-service (bsc#1256673)...

CVSS 6.6 · AI score 5.8 · EPSS 0.00022
Exploits 1 · References 3
SUSE CVE
added 2026/01/15 12:23 a.m. · 2 views

SUSE CVE-2026-22791

openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation that allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

CVSS 6.1 · AI score 7 · EPSS 0.00022
Exploits 1 · References 6
OSV
added 2026/01/13 7:16 p.m. · 0 views

UBUNTU-CVE-2026-22791

openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation that allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

CVSS 6.6 · AI score 6.1 · EPSS 0.00022
Exploits 1 · References 4
OSV
added 2026/01/13 7:6 p.m. · 2 views

CVE-2026-22791 openCryptoki incorrectly calculates the buffer size in C_WrapKey with CKM_ECDH_AES_KEY_WRAP

openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation that allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

CVSS 6.6 · AI score 6.9 · EPSS 0.00022
Exploits 1 · References 5
OSV
added 2024/10/21 5:28 p.m. · 0 views

GHSA-584Q-6J8J-R5PM secp256k1-node allows private key extraction over ECDH

Summary: In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L37-L39 loadCompressedPublicKey is, however, missing that check:...

CVSS 8.7 · AI score 5.9 · EPSS 0.00217
Exploits 0 · References 8
Positive Technologies
added 2024/10/21 12:0 a.m. · 4 views

PT-2024-33278 · Unknown · Secp256K1-Node

Name of the Vulnerable Software and Affected Versions: secp256k1-node versions prior to 5.0.1; secp256k1-node versions prior to 4.0.4; secp256k1-node versions prior to 3.8.1. Description: The issue affects the elliptic-based version of secp256k1-node, where the loadCompressedPublicKey function is...

CVSS 8.7 · AI score 7 · EPSS 0.00217
Exploits 0 · References 16