Lucene search
K

4 matches found

OSV
OSV
added 2026/05/29 1:55 p.m.6 views

CLSA-2026-1780062952 Fix CVE(s): CVE-2026-28389

SECURITY UPDATE: NULL pointer dereference in CMS EnvelopedData processing when a KeyAgreeRecipientInfo message omits the optional parameters field of KeyEncryptionAlgorithmIdentifier. Both dhcmssetsharedinfo and ecdhcmssetsharedinfo dereference alg-parameter without a NULL check, allowing a remot...

7.5CVSS5.8AI score0.00805EPSS
Exploits0References1
OSV
OSV
added 2026/04/27 1:36 p.m.12 views

CLSA-2026-1777297012 openssl: Fix of 3 CVEs

CVE-2026-28388: fix NULL dereference in checkdeltabase when a Delta CRL lacks the CRL Number extension - CVE-2026-28389: fix NULL dereference in dh/ecdhcmssetsharedinfo when KeyEncryptionAlgorithmIdentifier has no parameters field - CVE-2026-28390: fix NULL dereference in rsacmsdecrypt when the...

7.5CVSS7.2AI score0.00885EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/07 11:9 p.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a specially crafted CMS EnvelopedData message with a missing optional parameters field in the KeyEncryptionAlgorithmIdentifier, leading to ...

8.2CVSS5.8AI score0.00805EPSS
Exploits0References2
OSV
OSV
added 2026/04/07 10:16 p.m.7 views

ALPINE-CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References1
Rows per page
Query Builder