Lucene search
+L

27 matches found

cve
cve
added 2026/07/06 7:25 p.m.15 views

CVE-2026-41515

OP-TEE (Trusted Execution Environment for Arm Cortex-A TrustZone) has a vulnerability in the RSA-OAEP decryption path within the NXP CAAM crypto driver. From version 3.9.0 up to, but not including, 4.11.0, the driver uses non-constant-time memcmp() for label hash verification, exposing a Manger-s...

3.3CVSS6AI score0.00094EPSS
Exploits0References1Affected Software1
alpinelinux
alpinelinux
added 2026/05/20 5:45 a.m.39 views

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...

8.1CVSS5.8AI score0.0055EPSS
Exploits0References3
redhat
redhat
added 2026/04/09 2:13 p.m.3 views

glibc: nscd client crash on x86_64 under high nscd load

A flaw was found in glibc. When calling NSS-backed functions that support caching via nscd, the nscd client under high load on x8664 systems may call the memcmp function on inputs that are concurrently modified by other processes or threads, causing a crash and resulting in a denial of service...

6.2CVSS6.1AI score0.00146EPSS
Exploits1References8
nvd
nvd
added 2026/03/11 2:16 p.m.6 views

CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

6.2CVSS0.00146EPSS
Exploits1References6
cve
cve
added 2026/03/11 1:19 p.m.35 views

CVE-2026-3904

The CVE-2026-3904 issue affects the GNU C Library (GLIBC) v2.36 on x86_64 where memcmp, used by an NSS-backed path accessing nscd client code, may operate on inputs concurrently modified by other threads. This undefined behavior could crash the nscd client and dependent applications. The vulnerab...

6.2CVSS5.8AI score0.00146EPSS
Exploits1References6Affected Software1
hackerone
hackerone
added 2026/02/01 1:35 p.m.18 views

Node.js: Timing side-channel in HMAC verification via memcmp() in crypto_hmac.cc leads to potential MAC forgery

Vulnerability description not provided...

5.9CVSS6.2AI score0.00385EPSS
Exploits0
redhat
redhat
added 2025/11/25 12:37 p.m.5 views

kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare

A slab-out-of-bounds exists in the linux kernel in efivarfsdcompare, such that the issue can be triggered by parallel lookups using an invalid filename due to an incorrect memcmp function...

7.1CVSS5.8AI score0.00152EPSS
Exploits0References5
nessus
nessus
added 2025/10/24 12:0 a.m.4 views

EulerOS 2.0 SP13 : grub2 (EulerOS-SA-2025-2261)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.CVE-2024-56737 GNU GRUB a...

8.8CVSS7.2AI score0.00721EPSS
Exploits0References3
redhat
redhat
added 2025/10/20 2:28 a.m.3 views

kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare

A slab-out-of-bounds exists in the linux kernel in efivarfsdcompare, such that the issue can be triggered by parallel lookups using an invalid filename due to an incorrect memcmp function...

7.1CVSS5.8AI score0.00152EPSS
Exploits0References5
nessus
nessus
added 2025/09/10 12:0 a.m.7 views

EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2025-2098)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks.CVE-2024-56738...

5.3CVSS7AI score0.00386EPSS
Exploits0References2
mscve
mscve
added 2025/09/03 10:1 p.m.7 views

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

...

5.3CVSS7AI score0.00386EPSS
Exploits0
osv
osv
added 2025/08/12 5:35 p.m.1 views

SUSE-SU-2025:02772-1 Recommended update for grub2

This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grubcryptomemcmp bsc1234959 Other fixes: - Fix test -f and -s do not work properly over the network files served via tftp and http bsc1246157, bsc1246237 - Skip moun...

5.3CVSS7.1AI score0.00386EPSS
Exploits0References6
suse
suse
added 2025/08/07 9:1 a.m.6 views

Security update for grub2

This update for grub2 fixes the following issues: CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grubcryptomemcmp bsc1234959 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

5.7CVSS6.9AI score0.00386EPSS
Exploits0References4
suse
suse
added 2025/08/07 9:1 a.m.5 views

Security update for grub2

This update for grub2 fixes the following issues: CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grubcryptomemcmp bsc1234959 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

5.7CVSS6.9AI score0.00386EPSS
Exploits0References4
osv
osv
added 2024/12/29 7:15 a.m.1 views

DEBIAN-CVE-2024-56738

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...

5.3CVSS7AI score0.00386EPSS
Exploits0References1
osv
osv
added 2024/12/29 7:15 a.m.6 views

AZL-54709 CVE-2024-56738 affecting package grub2 2.06-26

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...

5.3CVSS7.3AI score0.00386EPSS
Exploits0References1
osv
osv
added 2024/07/29 7:15 a.m.3 views

DEBIAN-CVE-2024-41016

In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2xattrfindentry xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this...

5.5CVSS5.7AI score0.00239EPSS
Exploits0References1
osv
osv
added 2024/02/11 3:15 a.m.4 views

DEBIAN-CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

9.8CVSS5.3AI score0.00814EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 5:47 a.m.4 views

SUSE CVE-2012-2122

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remo...

5.1CVSS6.6AI score0.96188EPSS
Exploits10References7
osv
osv
added 2023/02/08 8:15 p.m.2 views

ALPINE-CVE-2023-0286

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS6.8AI score0.59501EPSS
Exploits0References1
Rows per page
Query Builder