Lucene search
25 matches found

NVD
added 2026/03/19 9:17 p.m., 1 view

CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to...

9.8 CVSS, 0.00144 EPSS
Exploits: 0, References: 1

OSV
added 2026/03/19 9:17 p.m., 1 view

UBUNTU-CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to...

9.8 CVSS, 6.1 AI score, 0.00144 EPSS
Exploits: 0, References: 3

Debian CVE
added 2026/03/19 8:41 p.m., 3 views

CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to...

9.8 CVSS, 5.8 AI score, 0.00144 EPSS
Exploits: 0

OSV
added 2025/12/31 12:18 a.m., 2 views

OSV-2025-1049 Heap-buffer-overflow in unsigned char* std::__1::vector<unsigned char, std::__1::allocator<unsigned char

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=472222304. Crash type: Heap-buffer-overflow READ 1. Crash state: unsigned char std::1::vectorunsigned char, std::1::allocatorunsigned char pcpp::TLSECPointFormatExtension::getECPointFormatList...

5.4 AI score
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2020-9430

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.00316 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 3:16 p.m., 4 views

CVE-2020-17478

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm...

7.5 CVSS, 6.9 AI score, 0.00316 EPSS
Exploits: 0

OpenVAS
added 2021/06/09 12:00 a.m., 14 views

SUSE: Security Advisory (SUSE-SU-2019:14092-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS, 7 AI score, 0.0496 EPSS
Exploits: 0, References: 6

OSV
added 2020/08/10 6:15 p.m., 10 views

CVE-2020-17478

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm...

7.5 CVSS, 6.9 AI score
Exploits: 0, References: 1

OSV
added 2019/09/11 2:45 p.m., 5 views

SUSE-SU-2019:14092-1 Security update for openssl

This update for openssl fixes the following issues: Security issues fixed: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Mitigate the 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' attac...

5.9 CVSS, 5.6 AI score, 0.0496 EPSS
Exploits: 0, References: 5

OpenVAS
added 2019/06/28 12:00 a.m., 39 views

openSUSE: Security Advisory for compat-openssl098 (openSUSE-SU-2019:1637-1)

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9 CVSS, 6.3 AI score, 0.0496 EPSS
Exploits: 0, References: 2

OPENSUSE Linux
added 2019/06/27 12:00 a.m., 575 views

Security update for compat-openssl098 (moderate)

openSUSE Security Update: Security update for compat-openssl098 Announcement ID: openSUSE-SU-2019:1637-1 Rating: moderate References: 1117951 1127080 1131291 Cross-References: CVE-2019-1559 Affected Products: openSUSE Leap 42.3 An update that solves one vulnerability and has two fixes is now...

5.9 CVSS, 6.4 AI score, 0.0496 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2019/06/24 12:00 a.m., 41 views

SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2019:1608-1)

This update for compat-openssl098 fixes the following issues: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951). Note that Tenable...

5.9 CVSS, 6.3 AI score, 0.0496 EPSS
Exploits: 0, References: 6

OSV
added 2019/06/21 8:27 a.m., 4 views

SUSE-SU-2019:1608-1 Security update for compat-openssl098

This update for compat-openssl098 fixes the following issues: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951)...

5.9 CVSS, 5.6 AI score, 0.0496 EPSS
Exploits: 0, References: 5

OSV
added 2019/06/18 4:29 p.m., 8 views

SUSE-SU-2019:1553-1 Security update for openssl

This update for openssl fixes the following issues: - CVE-2018-0732: Reject excessively large primes in DH key generation (bsc#1097158) - CVE-2018-0734: Timing vulnerability in DSA signature generation (bsc#1113652) - CVE-2018-0737: Cache timing vulnerability in RSA Key Generation (bsc#1089039) -...

7.5 CVSS, 6.7 AI score, 0.78382 EPSS
Exploits: 5, References: 20

OSV
added 2019/06/18 4:28 p.m., 3 views

SUSE-SU-2019:14091-1 Security update for openssl1

This update for openssl1 fixes the following security issues: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951)...

5.9 CVSS, 5.6 AI score, 0.0496 EPSS
Exploits: 0, References: 5

OPENSUSE Linux
added 2019/05/10 12:00 a.m., 261 views

Security update for openssl (moderate)

openSUSE Security Update: Security update for openssl Announcement ID: openSUSE-SU-2019:1373-1 Rating: moderate References: 1131291 Affected Products: openSUSE Leap 42.3 An update that contains security fixes can now be installed. Description: This update for openssl fixes the following issues: -...

7.3 AI score
Exploits: 0

OSV
added 2019/05/03 8:28 a.m., 2 views

SUSE-SU-2019:1136-1 Security update for openssl

This update for openssl fixes the following issues: - Reject invalid EC point coordinates (bsc#1131291). This helps openssl using services that do not do this verification on their own...

7.2 AI score
Exploits: 0, References: 2

Prion
added 2019/04/17 2:29 p.m., 16 views

Authentication flaw

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

6.8 CVSS, 7.8 AI score, 0.11468 EPSS
Exploits: 0, References: 10, Affected Software: 3

UbuntuCve
added 2019/04/10 3:00 p.m., 28 views

CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

8.1 CVSS, 6.8 AI score, 0.11468 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2017/07/20 4:16 p.m., 2 views

OpenJDK: incorrect handling of certain EC points (Security, 8178135)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network...

7.5 CVSS, 7.3 AI score, 0.02386 EPSS
Exploits: 0, References: 4