11 matches found
openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()
A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...
SUSE CVE-2026-45447
Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...
openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()
A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...
openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()
A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in PKCS7verify. An attacker supplying a PKCS7 or S/MIME signed message whose SignedData digestAlgorithms field is an empty ASN.1 SET can cause a caller-owned BIO to be freed during verification. A subsequent use of that B...
ALPINE-CVE-2026-45447
Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...
CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function
Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...
AIDE 0.19.3
AIDE Advanced Intrusion Detection Environment is a free replacement for Tripwiretm. It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms ...
PT-2025-47822
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description With TLS 1.2 connections, a client can utilize any digest algorithm, including weaker ones that are supported, instead of adhering to the digests specified in the CertificateRequest. Recommendations At the...
AIDE 0.19.1
AIDE Advanced Intrusion Detection Environment is a free replacement for Tripwiretm. It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms ...
RUSTSEC-2016-0005 rust-crypto is unmaintained; switch to a modern alternative
The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. NOTE: The old rust-crypto crate with hyphen should not be confused with similarly named new RustCrypto GitHub Org without hyphen. The GitHub Org is actively maintained. We recommend you switc...