Lucene search
K

16 matches found

Cvelist
Cvelist
added last week19 views

CVE-2026-55961 wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer

wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...

8.2CVSS0.00095EPSS
Exploits0References2
EUVD
EUVD
added last week6 views

EUVD-2026-39491

wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...

8.2CVSS5.8AI score0.00095EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-55961

wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...

8.2CVSS5.8AI score0.00095EPSS
Exploits0References3Affected Software1
CVE
CVE
added last week15 views

CVE-2026-55961

The CVE describes a flaw in wolfSSL where wolfSSL_PKCS7_verify() incorrectly reported success for a degenerate PKCS#7 object that contains no signer. In such objects, signerInfos is empty, so underlying signed-data verification could succeed without authenticating any content. The fix enforces th...

8.2CVSS5.8AI score0.00095EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added last week5 views

CVE-2026-55961

wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...

8.2CVSS5.8AI score0.00095EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2021-1520

Malware in sbrugna...

6.5CVSS6.5AI score0.01251EPSS
Exploits0References6
OSV
OSV
added 2022/05/08 6:15 a.m.1 views

UBUNTU-CVE-2018-25033

ADMesh through 0.98.4 has a heap-based buffer over-read in stlupdateconnectsremove1 called from stlremovedegenerate in connect.c in libadmesh.a...

8.1CVSS7.4AI score0.00998EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/05/08 12:0 a.m.3 views

ADMesh 缓冲区错误漏洞

ADMesh is a program for working with triangular solid meshes. A security vulnerability exists in ADMesh version 0.98.4 and earlier, which stems from a heap-based out-of-bounds read in stlupdateconnectsremove1 called from stlremovedegenerate in connect.c in libadmesh.a. The vulnerability is caused...

8.1CVSS7.6AI score0.00998EPSS
Exploits1References5
OSV
OSV
added 2021/08/25 9:0 p.m.2 views

GHSA-2WC6-2RCJ-8V76 scalarmult() vulnerable to degenerate public keys

The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...

6.5CVSS6.6AI score0.01251EPSS
Exploits0References5
OSV
OSV
added 2021/08/25 8:45 p.m.13 views

GHSA-WRVC-72W7-XPMJ Incorrect Comparison in sodiumoxide

An issue was discovered in the sodiumoxide crate starting with 0.2.0 and prior to 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...

9.8CVSS9.4AI score0.01484EPSS
Exploits0References6
Prion
Prion
added 2017/11/17 6:29 p.m.11 views

Code injection

sodiumoxide 0.0.13 and older scalarmult vulnerable to degenerate public keys...

4.3CVSS6.4AI score0.01251EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/11/17 6:29 p.m.23 views

CVE-2017-1000168

sodiumoxide 0.0.13 and older scalarmult vulnerable to degenerate public keys...

6.5CVSS6.5AI score0.01251EPSS
Exploits0References1
OSV
OSV
added 2017/11/17 6:29 p.m.3 views

CVE-2017-1000168

sodiumoxide 0.0.13 and older scalarmult vulnerable to degenerate public keys...

6.5CVSS5.8AI score0.01251EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/11/17 6:0 p.m.29 views

CVE-2017-1000168

sodiumoxide 0.0.13 and older scalarmult vulnerable to degenerate public keys...

6.4AI score0.01251EPSS
Exploits0References1
CVE
CVE
added 2017/11/17 6:0 p.m.49 views

CVE-2017-1000168

The CVE-2017-1000168 entry concerns sodiumoxide prior to a fixed release where the scalarmult() function refused all-zero public keys, preventing the derived Diffie-Hellman shared secret from always being zero. The root cause, as documented in multiple sources (e.g., rustsec and GHSA advisories),...

6.5CVSS6.4AI score0.01251EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/01/26 12:0 p.m.21 views

RUSTSEC-2017-0001 scalarmult() vulnerable to degenerate public keys

The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...

6.5CVSS6.6AI score0.01251EPSS
Exploits0References3
Rows per page
Query Builder