17 matches found
CVE-2026-43304 libceph: define and enforce CEPH_MAX_KEY_LEN
In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existin...
CVE-2023-53618
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump [BUG] Syzbot reported a crash that an ASSERT got triggered inside prepare_to_merge(). That ASSERT makes sure the reloc tree is properly pointed back by its subvolume tree. [CAUS...
CVE-2018-20954
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys...
CVE-2022-49820
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: don't count unused / invalid keys for flow release We're currently hitting the WARN_ON in mctp_i2c_flow_release(): if (midev->release_count > midev->i2c_lock_count) { WARN_ONCE(1, "release count overflow"); This may be hit if we expire a...
CLSA-2025-1741787087 openssl: Fix of CVE-2023-6237
CVE-2023-6237: optimize computation time for RSA modulus to avoid possible denial of service while checking excessively long invalid RSA public keys...
CVE-2025-25201
Nitrokey 3 Firmware is the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2025-25201 Improper Validation of Admin Key in PIV Smartcard
Nitrokey 3 Firmware is the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
PT-2025-7057 · Nitrokey · Nitrokey 3 Firmware
Name of the Vulnerable Software and Affected Versions: Nitrokey 3 Firmware versions 1.8.0 and prior test releases with PIV enabled Description: The PIV application in the Nitrokey 3 Firmware could accept invalid keys for authentication of the admin key, potentially compromising the integrity of t...
Excessive time spent checking invalid RSA public keys
...
golang: invalid public key causes panic in dsa.Verify
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...
GHSA-2M39-62FM-Q8R3 Regular Expression Denial of Service in sshpk
Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. Recommendation Update to version 1.13.2, 1.14.1 or later...
Security update for bouncycastle (moderate)
This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...
openssl: use-after-free on invalid EC private key import
A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported...
openssl: DoS due to improper handling of OCSP response verification
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key...
OpenSC crypto vulnerability
pkcs11-tool invalid key generation allows message decryption...
Gentoo Security Advisory GLSA 200905-04 (gnutls)
The remote host is missing updates announced in advisory GLSA 200905-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200905-04 (gnutls)
The remote host is missing updates announced in advisory GLSA 200905-04. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...