Lucene search
+L

13 matches found

osv
osv
added 2026/05/19 5:23 p.m.9 views

SUSE-SU-2026:21824-1 Security update for leancrypto

This update for leancrypto fixes the following issues Security issue: - CVE-2026-34610: The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when stori...

5.9CVSS5.9AI score0.00162EPSS
Exploits0References6
nvd
nvd
added 2026/04/10 12:16 a.m.13 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS0.00275EPSS
Exploits0References1
osv
osv
added 2026/04/10 12:16 a.m.5 views

DEBIAN-CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.4AI score0.00275EPSS
Exploits0References1
nessus
nessus
added 2026/04/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-5460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of...

6.5CVSS5.5AI score0.00275EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/04/10 12:0 a.m.4 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References2
debiancve
debiancve
added 2026/04/09 11:29 p.m.16 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.4AI score0.00275EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/04/09 11:29 p.m.9 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.4AI score0.00275EPSS
Exploits0
attackerkb
attackerkb
added 2026/04/09 11:29 p.m.5 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.3CVSS5.9AI score0.00275EPSS
Exploits0References2
cve
cve
added 2026/04/09 11:29 p.m.31 views

CVE-2026-5460

Vulnerability summary (CVE-2026-5460) : A heap use-after-free exists in wolfSSL’s TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error path of TLSX_KeyShare_ProcessPqcHybridClient() (src/tls.c), TLSX_KeyShare_ProcessPqcClient_ex() frees a KyberKey object on error. The ...

6.5CVSS5.9AI score0.00275EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/04/09 11:29 p.m.3 views

CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.3CVSS5.8AI score0.00275EPSS
Exploits0References1
susecve
susecve
added 2024/06/11 2:6 a.m.6 views

SUSE CVE-2024-36405

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...

5.5CVSS6.8AI score0.00515EPSS
Exploits0References4
debiancve
debiancve
added 2024/06/10 12:47 p.m.13 views

CVE-2024-36405

Removed by vendor...

7.5CVSS6.7AI score0.00515EPSS
Exploits0
ptsecurity
ptsecurity
added 2024/06/10 12:0 a.m.10 views

PT-2024-4342 · Liboqs +1 · Liboqs +1

Name of the Vulnerable Software and Affected Versions: liboqs versions prior to 0.10.1 Description: A control-flow timing issue has been identified in the reference implementation of the Kyber key encapsulation mechanism in liboqs, a C-language cryptographic library that provides implementations ...

8.2CVSS6.5AI score0.00515EPSS
Exploits0References38
Rows per page
Query Builder