1293 matches found
CVE-2026-39856
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...
CVE-2026-39856 osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash Calculation
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...
EUVD-2026-20944
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When page hash processing is performed on a PE file, the function...
CVE-2026-39855
osslsigncode prior to 2.13 contains an integer underflow in the PE page-hash calculation (pe_page_hash_calc). If SizeOfHeaders (hdrsize) > SectionAlignment (pagesize), hdrsize is subtracted from pagesize without validation, producing a large unsigned length. The code allocates a zero-filled bu...
CVE-2026-39855 osslsigncode has an Integer Underflow in PE Page Hash Calculation Can Cause Out-of-Bounds Read
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When page hash processing is performed on a PE file, the function...
CVE-2026-39853
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...
CVE-2026-39853
osslsigncode contains a stack buffer overflow in its signature verification paths (PE, MSI, CAB, script) when verifying PKCS#7 signatures. During digest copy from SpcIndirectDataContent into a fixed-size stack buffer (mdbuf[EVP_MAX_MD_SIZE], 64 bytes), the code does not validate the source length...
PT-2026-31643
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...
osslsigncode 缓冲区错误漏洞
Osslsigncode is a small tool developed by Michał Trojnara as an individual developer. It implements some functions of the Microsoft tool signtool.exe. Versions of Osslsigncode prior to 2.13 contained a buffer error vulnerability. This vulnerability stemmed from the PE page hash calculation code; ...
Linux Distros Unpatched Vulnerability : CVE-2026-39855
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version...
Linux Distros Unpatched Vulnerability : CVE-2026-39856
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of- bounds read vulnerability exists in osslsigncode version...
Security update for osslsigncode (critical)
openSUSE Security Update: Security update for osslsigncode Announcement ID: openSUSE-SU-2026:0115-1 Rating: critical References: 1260680 Cross-References: CVE-2025-70888 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...
HTTP Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/peinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallports s...
K000160136: Binutils vulnerability CVE-2025-66863
Security Advisory Description An issue was discovered in function ddiscriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. CVE-2025-66863 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...
ShellExploit
This project is no longer supported PowerSploit is a col...
SUSE CVE-2025-66862
A buffer overflow vulnerability in function gnuspecial in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...
SUSE CVE-2025-66863
An issue was discovered in function ddiscriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...
SUSE CVE-2025-66866
An issue was discovered in function dabitags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...
CVE-2025-66861
A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger an out-of-bounds read in the dunqualifiedname function in the cp-demangle.c file, causing a crash and resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the...
EUVD-2025-205614
An issue was discovered in function dprintcompinner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...