CVE-2026-22791

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

UBUNTU-CVE-2026-22791

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

CVE-2026-22791 openCryptoki incorrectly calculates the buffer size in C_WrapKey with CKM_ECDH_AES_KEY_WRAP

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

CVE-2026-22791 openCryptoki incorrectly calculates the buffer size in C_WrapKey with CKM_ECDH_AES_KEY_WRAP

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

CVE-2026-22791 openCryptoki incorrectly calculates the buffer size in C_WrapKey with CKM_ECDH_AES_KEY_WRAP

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

EUVD-2026-2415

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

CVE-2026-22791

CVE-2026-22791 affects the openCryptoki PKCS#11 library for Linux/AIX. The vulnerability is a heap buffer overflow in the CKM_ECDH_AES_KEY_WRAP implementation triggered by supplying a compressed EC public key and calling C_WrapKey, allowing a local attacker to cause out-of-bounds writes in the ho...

CVE-2026-22791

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

PT-2026-2795

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM ECDH AES KEY WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public...

openCryptoki 安全漏洞

openCryptoki is openCryptoki open source a PKCS11 library and tools for Linux. A security vulnerability exists in openCryptoki versions 3.25.0 and 3.26.0, which stems from a heap buffer overflow in the CKMECDHAESKEYWRAP implementation that could lead to heap corruption or denial of service...

EUVD-2012-4386

Malware in sbrugna...

EUVD-2012-4385

Malware in sbrugna...

EUVD-2021-27058

Malware in sbrugna...

EUVD-2024-16696

Malicious code in bioql PyPI...

TencentOS Server 3: opencryptoki (TSSA-2024:0098)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0098 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: opencryptoki (TSSA-2024:0927)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0927 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2024-0914 affecting package opencryptoki for versions less than 3.24.0-3

CVE-2024-0914 affecting package opencryptoki for versions less than 3.24.0-3. An upgraded version of the package is available that resolves this issue...

Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)

...

Alibaba Cloud Linux 3 : 0210: opencryptoki bug fix and enhancement update (Moderate) (ALINUX3-SA-2024:0210)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0210 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-0914: A timing side-channel vulnerability...

opencryptoki bug fix and enhancement update

An update is available for opencryptoki. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...