CVE-2026-41207

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

CVE-2026-41207

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

CVE-2026-41207 netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

netty-incubator-codec-ohttp 安全特征问题漏洞

netty-incubator-codec-ohttp is an application developed by the Netty community. Versions prior to 0.0.21.Final of netty-incubator-codec-ohttp contain a security vulnerability. This vulnerability arises from returning a non-empty value when HKDF-expand fails, which may lead to the use of a key wit...

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDFexpand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVPHPKECTXexport fails it also returns an empty byte...

GHSA-F659-372H-6X3X netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDFexpand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVPHPKECTXexport fails it also returns an empty byte...

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

GHSA-PQF5-4PQQ-29F5 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming keylen, unconditionally writing the full shared secret 32/56/prime-size bytes. A...

rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming keylen, unconditionally writing the full shared secret 32/56/prime-size bytes. A...

PT-2026-34619

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVP PKEY derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and...

Primitive Vector Cipher(PVC): A Hybrid Encryption Scheme Based on the Vector Computational Diffie-Hellman (V-CDH) Problem

This work introduces the Primitive Vector Cipher PVC, a novel hybrid encryption scheme integrating matrix-based cryptography with advanced Diffie-Hellman key exchange. PVC's security is grounded on the established hardness of the Vector Computational Diffie- Hellman V-CDH problem. The two-layered...

EUVD-2017-0020

Malware in sbrugna...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25-openssl (SUSE-SU-2025:03161-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03161-1 advisory. Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.23-openssl (SUSE-SU-2025:03159-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03159-1 advisory. Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged...

Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. jscSLE-18320 Rebase to 1.25.0 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...

SUSE-SU-2025:03161-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. jscSLE-18320 Rebase to 1.25.0 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...

SUSE-SU-2025:03159-1 Security update for go1.23-openssl

This update for go1.23-openssl fixes the following issues: Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged go1.23.12-1-openssl-fips. jscSLE-18320 Rebase to 1.23.12 Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash...