Lucene search
K

4 matches found

SUSE Linux
SUSE Linux
added 2026/01/26 11:11 a.m.4 views

Security update for openCryptoki

This update for openCryptoki fixes the following issues: CVE-2026-22791: Fixed supplying malformed compressed EC public key can lead to heap corruption or denial-of-service bsc1256673. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

6.9CVSS5.9AI score0.00237EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/01/13 7:16 p.m.8 views

CVE-2026-22791

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

6.6CVSS6.1AI score0.00237EPSS
Exploits1References3
CVE
CVE
added 2026/01/13 7:6 p.m.19 views

CVE-2026-22791

CVE-2026-22791 affects the openCryptoki PKCS#11 library for Linux/AIX. The vulnerability is a heap buffer overflow in the CKM_ECDH_AES_KEY_WRAP implementation triggered by supplying a compressed EC public key and calling C_WrapKey, allowing a local attacker to cause out-of-bounds writes in the ho...

6.6CVSS6.6AI score0.00237EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/01/13 7:6 p.m.25 views

CVE-2026-22791 openCryptoki incorrectly calculates the buffer size in C_WrapKey with CKM_ECDH_AES_KEY_WRAP

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

6.6CVSS0.00237EPSS
Exploits1References3
Rows per page
Query Builder