10 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-6450
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled...
CVE-2026-6450 CRL critical extension bypass in ParseCRL_Extensions
A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...
PT-2026-52585
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A critical extension bypass exists in the ParseCRL Extensions function. The issue occurs when critical extensions in a Certificate Revocation List CRL—a list of...
CVE-2026-3548
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...
CVE-2026-3548
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...
CVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSL
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...
CVE-2026-3548
Two concrete vulnerabilities affect the wolfSSL CRL parser: heap-based and stack-based buffer overflows when parsing CRL numbers, triggered by crafted CRLs and only in builds with CRL support enabled. The issue stems from storing the CRL number as a hexadecimal string, enabling out-of-bounds writ...
Linux Distros Unpatched Vulnerability : CVE-2026-3548
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap- based buffer overflow could occur when improperly storin...
PT-2026-26327
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...
Scientific Linux Security Update : curl on SL5.x i386/x86_64
Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue...