Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE [CVE-2026-34986]

Summary IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE, due to an issue occuring when cipher.KeyUnwrap in keywrap.go attempts to allocate a slice with a zero or negative length based on the length of the encryptedkey CVE-2026-34986. Go JOSE is used as...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

SUSE-SU-2026:20542-1 Security update for openssl-3-livepatches

This update for openssl-3-livepatches fixes the following issues: - CVE-2025-11187: Fixed improper validation of PBMAC1 parameters in PKCS12 MAC verification bsc1256878. - CVE-2025-15467: Fixed stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256876. - CVE-2025-15468: Fixed NULL...

openssl security update

1:1.1.1k-14 - Backport fix for Out-of-bounds read & write in RFC 3211 KEK Unwrap Fix CVE-2025-9230 Resolves: RHEL-128613 - Fix bug for ticketlifetimehint exceed issue Resolves: RHEL-119891 1:1.1.1k-13 - Backport fix SSLselectnext proto from OpenSSL 3.2 Fix CVE-2024-5535 Resolves: RHEL-45654...

RHEL 9 : openssl (RHSA-2026:1349)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1349 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

RHEL 8 : openssl (RHSA-2026:0714)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0714 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

openssl security update

1:1.1.1k-14 - Backport fix for Out-of-bounds read & write in RFC 3211 KEK Unwrap Fix CVE-2025-9230 Resolves: RHEL-128613 - Fix bug for ticketlifetimehint exceed issue Resolves: RHEL-119891...

Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9230 For more details about the securi...

CVE-2025-67897

A flaw was found in Sequoia. This vulnerability allows a remote attacker to crash an application via sending a victim an encrypted message with a crafted Public Key Encrypted Session Key PKESK or Symmetric Key Encrypted Session Key SKESK packet, which causes aeskeyunwrap to panic when processing ...

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2025:03438-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03438-1 advisory. - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap bsc1250232. Tenable has...

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2025:03437-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03437-1 advisory. - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap bsc1250232. Tenable has...

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2025:03441-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03441-1 advisory. - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap bsc1250232. Tenable has...

Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

GHSA-V6X3-9R38-R27Q Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

EUVD-2025-203279

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

CVE-2025-67897

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

CVE-2025-67897

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

CVE-2025-67897

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...