8 matches found
CVE-2026-53016
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - copy IV using skcipher ivsize AFALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver. ccpaescomplete restores AESBLOCKSIZE bytes into the caller's IV buffer while RFC3686 skciphers expose an 8-byte IV, s...
Linux Distros Unpatched Vulnerability : CVE-2024-38579
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: bcm - Fix pointer arithmetic In spu2dumpomd value of ptr is increased by ciphkeylen instead of hashivlen which could lead to going beyond the buffer...
CLSA-2024-1709548308 openssl: Fix of CVE-2023-5363
CVE-2023-5363: process key length and iv length early if present...
OESA-2025-1192 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during th...
CLSA-2023-1702495193 openssl: Fix of CVE-2023-5363
CVE-2023-5363: evp: process key length and iv length early if present...
Incorrect cipher key & IV length processing
...
USN-6450-1 openssl vulnerabilities
Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector IV lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher modes. CVE-2023-5363 Juerg Wullschleger discovered that OpenSSL incorrectly handled the AES-SIV...
UBUNTU-CVE-2023-5363
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...