57 matches found
GHSA-F659-372H-6X3X netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
HKDFexpand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVPHPKECTXexport fails it also returns an empty byte...
netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
HKDFexpand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVPHPKECTXexport fails it also returns an empty byte...
CVE-2026-41676
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...
rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming keylen, unconditionally writing the full shared secret 32/56/prime-size bytes. A...
GHSA-PQF5-4PQQ-29F5 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming keylen, unconditionally writing the full shared secret 32/56/prime-size bytes. A...
PT-2026-34619
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVP PKEY derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and...
Primitive Vector Cipher(PVC): A Hybrid Encryption Scheme Based on the Vector Computational Diffie-Hellman (V-CDH) Problem
This work introduces the Primitive Vector Cipher PVC, a novel hybrid encryption scheme integrating matrix-based cryptography with advanced Diffie-Hellman key exchange. PVC's security is grounded on the established hardness of the Vector Computational Diffie- Hellman V-CDH problem. The two-layered...
EUVD-2017-0020
Malware in sbrugna...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25-openssl (SUSE-SU-2025:03161-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03161-1 advisory. Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.23-openssl (SUSE-SU-2025:03159-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03159-1 advisory. Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged...
SUSE-SU-2025:03161-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. jscSLE-18320 Rebase to 1.25.0 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. jscSLE-18320 Rebase to 1.25.0 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...
SUSE-SU-2025:03159-1 Security update for go1.23-openssl
This update for go1.23-openssl fixes the following issues: Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged go1.23.12-1-openssl-fips. jscSLE-18320 Rebase to 1.23.12 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash...
Security update for go1.24-openssl
This security update of go1.24-openssl fixes the following issues: Update to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged go1.24.6-1-openssl-fips. Refs jscSLE-18320 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...
SUSE-SU-2025:03158-1 Security update for go1.24-openssl
This security update of go1.24-openssl fixes the following issues: Update to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged go1.24.6-1-openssl-fips. Refs jscSLE-18320 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...
SUSE SLES15 Security Update : go1.25-openssl (SUSE-SU-2025:03115-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03115-1 advisory. Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. jscSLE-18320 Reba...
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. jscSLE-18320 Rebase to 1.25.0 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...
SUSE-SU-2025:02837-1 Security update for go1.24-openssl
This update for go1.24-openssl fixes the following issues: Updated to go1.24.6 released 2025-08-06 bsc1236217: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS repositories in cmd/go bsc1246118 - CVE-2025-47906: Fixed incorrect expansion of '', '.' and '..' in some PATH...
SUSE-SU-2025:02812-1 Security update for go1.23-openssl
This update for go1.23-openssl fixes the following issues: Updated to go1.23.12 released 2025-08-06 bsc1229122: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS repositories in cmd/go bsc1246118 - CVE-2025-47906: Fixed incorrect expansion of '', '.' and '..' in some PATH...
Security update for openssl-1_1
This update for openssl-11 fixes the following issues: Security fixes: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Other fixes: FIPS: AES GCM external IV implementation bsc1228618 FIPS: Mark PBKDF2 and HKDF HMAC input keys with size = 112 bits as approved in the SLI. bsc1228623...