CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

CVE-2026-40253

openCryptoki (PKCS#11 library) is affected in versions 3.26.0 and earlier due to BER/DER decoding in the shared asn1.c lacking a buffer length parameter and trusting BER lengths, enabling out-of-bounds reads when malformed BER objects are provided via C_CreateObject, C_UnwrapKey, token loading, o...

EUVD-2026-23318

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

CVE-2026-40253 openCryptoki: Memory safety vulnerabilities in BER/DER decoders in asn1.c

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

openCryptoki 安全漏洞

openCryptoki is an open-source library and tool for Linux that utilizes the PKCS11 standard. Versions of openCryptoki 3.26.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the BER/DER decoding functions in the shared public libraries, which trust the BER length fiel...

PT-2026-33373

Name of the Vulnerable Software and Affected Versions openCryptoki versions prior to 3.26.1 Description The BER/DER decoding functions in the shared common library asn1.c accept a raw pointer without a buffer length parameter and trust attacker-controlled BER length fields without validating them...

opencryptoki security update

An update is available for opencryptoki. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The opencryptoki packages contain version 2.11 of the PKCS11 API,...

RLSA-2026:5603 Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

RLSA-2026:5587 Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

opencryptoki security update

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The opencryptoki packages contain version 2.11 of the PKCS11 API,...

RockyLinux 9 : opencryptoki (RLSA-2026:5603)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:5603 advisory. openCryptoki: openCryptoki: Privilege Escalation or Data Exposure via Symlink Following CVE-2026-23893 Tenable has extracted the preceding description block...

RockyLinux 8 : opencryptoki (RLSA-2026:5587)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:5587 advisory. openCryptoki: openCryptoki: Privilege Escalation or Data Exposure via Symlink Following CVE-2026-23893 Tenable has extracted the preceding description block...

CLSA-2026-1775212043 opencryptoki: Fix of CVE-2026-23893

CVE-2026-23893: fix symlink-following vulnerabilities in privileged contexts...

CLSA-2026-1774952276 opencryptoki: Fix of CVE-2026-23893

CVE-2026-23893: fix symlink-following vulnerabilities in privileged contexts...

RHSA-2026:6006 Red Hat Security Advisory: opencryptoki security update

Bulletin has no description...

MiracleLinux 8 : opencryptoki-3.22.0-3.el8_10.2 (AXSA:2026-365:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-365:03 advisory. openCryptoki: openCryptoki: Privilege Escalation or Data Exposure via Symlink Following CVE-2026-23893 Tenable has extracted the preceding description block...

openCryptoki: openCryptoki: Privilege Escalation or Data Exposure via Symlink Following

A flaw was found in openCryptoki, a PKCS11 library and tooling for Linux and AIX. A token-group user can exploit a symlink-following vulnerability by planting symbolic links in group-writable token directories. When an administrator runs a PKCS11 application or administrative tool as root, it may...

Moderate: Red Hat Security Advisory: opencryptoki security update

An update for opencryptoki is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

MiracleLinux 9 : opencryptoki-3.25.0-4.el9_7.2 (AXSA:2026-359:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-359:02 advisory. openCryptoki: openCryptoki: Privilege Escalation or Data Exposure via Symlink Following CVE-2026-23893 Tenable has extracted the preceding description block...