4 matches found
Security update for openCryptoki
This update for openCryptoki fixes the following issues: CVE-2026-22791: Fixed supplying malformed compressed EC public key can lead to heap corruption or denial-of-service bsc1256673. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
CVE-2026-22791
openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...
CVE-2026-22791
CVE-2026-22791 affects the openCryptoki PKCS#11 library for Linux/AIX. The vulnerability is a heap buffer overflow in the CKM_ECDH_AES_KEY_WRAP implementation triggered by supplying a compressed EC public key and calling C_WrapKey, allowing a local attacker to cause out-of-bounds writes in the ho...
CVE-2026-22791 openCryptoki incorrectly calculates the buffer size in C_WrapKey with CKM_ECDH_AES_KEY_WRAP
openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...