
23343 matches found

OSV
added 2026/04/27 6:33 p.m., 10 views

JLSEC-2026-223 openssl-src NULL pointer Dereference in signature_algorithms processing

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...

CVSS 5.9 | AI score 6.8 | EPSS 0.62906 | Exploits 3 | References 35
OSV
added 2026/04/27 6:33 p.m., 15 views

JLSEC-2026-263 Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file...

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

CVSS 7.4 | AI score 7.7 | EPSS 0.00444 | Exploits 1 | References 8
OSV
added 2026/04/27 6:33 p.m., 12 views

JLSEC-2026-231 openssl-src subject to Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

CVSS 5.9 | AI score 7.3 | EPSS 0.16195 | Exploits 0 | References 6
OSV
added 2026/04/27 6:33 p.m., 10 views

JLSEC-2026-245 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

CVSS 6.5 | AI score 7.3 | EPSS 0.02323 | Exploits 0 | References 16
OSV
added 2026/04/27 6:33 p.m., 10 views

JLSEC-2026-256 Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can...

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 8.8 | AI score 7.7 | EPSS 0.47621 | Exploits 7 | References 11
OSV
added 2026/04/27 6:33 p.m., 8 views

JLSEC-2026-221 Integer Overflow in openssl-src

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

CVSS 7.5 | AI score 6.3 | EPSS 0.50732 | Exploits 0 | References 27
OSV
added 2026/04/27 6:33 p.m., 13 views

JLSEC-2026-228 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection....

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...

CVSS 9.8 | AI score 6.9 | EPSS 0.83223 | Exploits 5 | References 26
OSV
added 2026/04/27 6:33 p.m., 11 views

JLSEC-2026-234 Vulnerable OpenSSL included in cryptography wheels

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequentl...

CVSS 7.4 | AI score 7.2 | EPSS 0.59501 | Exploits 0 | References 13
OSV
added 2026/04/27 6:33 p.m., 8 views

JLSEC-2026-224 SM2 Decryption Buffer Overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

CVSS 9.8 | AI score 7.2 | EPSS 0.87816 | Exploits 1 | References 26
OSV
added 2026/04/27 6:33 p.m., 10 views

JLSEC-2026-240 Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty...

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

CVSS 5.3 | AI score 6.8 | EPSS 0.00525 | Exploits 0 | References 10
OSV
added 2026/04/27 6:33 p.m., 9 views

JLSEC-2026-258 Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when...

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

CVSS 5.5 | AI score 5.3 | EPSS 0.00176 | Exploits 1 | References 5
OSV
added 2026/04/27 6:33 p.m., 11 views

JLSEC-2026-217 OpenSSL has internal defaults for a directory tree where it can find a configuration file as well...

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versio...

CVSS 3.3 | AI score 5.3 | EPSS 0.00678 | Exploits 0 | References 31
OSV
added 2026/04/27 6:33 p.m., 14 views

JLSEC-2026-215 OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include...

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

CVSS 5.3 | AI score 6.3 | EPSS 0.06232 | Exploits 0 | References 25
OSV
added 2026/04/27 6:33 p.m., 9 views

JLSEC-2026-236 Applications that use a non-default option when verifying certificates may be vulnerable to an...

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

CVSS 5.3 | AI score 6.3 | EPSS 0.01583 | Exploits 0 | References 12
OSV
added 2026/04/27 6:33 p.m., 13 views

JLSEC-2026-218 In situations where an attacker receives automated notification of the success or failure of a...

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

CVSS 4.3 | AI score 6.1 | EPSS 0.03838 | Exploits 0 | References 44
OSV
added 2026/04/27 6:33 p.m., 13 views

JLSEC-2026-220 The X.509 GeneralName type is a generic type for representing different types of names. One of...

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrect...

CVSS 5.9 | AI score 6.6 | EPSS 0.06968 | Exploits 3 | References 39
OSV
added 2026/04/27 6:33 p.m., 11 views

JLSEC-2026-219 Null pointer dereference in openssl-src

Server or client applications that call the SSL_check_chain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...

CVSS 7.5 | AI score 6.2 | EPSS 0.53336 | Exploits 2 | References 42
OSV
added 2026/04/27 6:33 p.m., 11 views

JLSEC-2026-233 openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

CVSS 7.5 | AI score 7.1 | EPSS 0.04494 | Exploits 0 | References 15
OSV
added 2026/04/27 6:33 p.m., 27 views

JLSEC-2026-239 Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them...

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

CVSS 6.5 | AI score 6.3 | EPSS 0.73461 | Exploits 0 | References 14
OSV
added 2026/04/27 6:33 p.m., 11 views

JLSEC-2026-242 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

CVSS 7.8 | AI score 6.8 | EPSS 0.00862 | Exploits 0 | References 11