522 matches found
CVE-2026-41565
CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer...
PT-2026-44386
CryptX versions before 0.088 001 for Perl have a stack buffer overflow in four AEAD decrypt verify helpers. The gcm decrypt verify, ccm decrypt verify, chacha20poly1305 decrypt verify and eax decrypt verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buff...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: lib/crypto: arm/poly1305 – Fixed register corruption in no-SIMD contexts. Restored the SIMD usability check that was removed with commit 773426f4771b “crypto: arm/poly1305 – Added block-only interface”. This safety check is...
Astra Linux - уязвимость в paramiko, libssh, libssh2, erlang, openssh
The SSH transport protocol, with certain OpenSSH extensions, found in OpenSSH versions prior to 9.6 and other products, allows remote attackers to bypass integrity checks. As a result, some packets may be omitted from the extension negotiation message. Consequently, the client and server may end ...
Astra Linux - уязвимость в nss
A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: lib/crypto: arm64/poly1305 – Fixed register corruption in no-SIMD contexts. The SIMD usability check, which was removed with the commit a59e5468a921 “crypto: arm64/poly1305 – Added block-only interface”, has been restored. Thi...
GHSA-HC3C-63HC-2R9F libcrux: Potential Panic on Overlong Ciphertext Buffer
An application that passes in a ciphertext buffer of length greater than ptxt.len + TAGLEN to libcruxchacha20poly1305::encrypt or libcruxchacha20poly1305::xchacha20poly1305::encrypt would experience a panic. Impact An application where the length of the ciphertext buffer is under attacker control...
Unity Linux 20.1060e / 20.1070e Security Update: nss (UTSA-2026-017618)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017618 advisory. A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. Thi...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: crypto: arm64/poly1305 – fixed a read out-of-bound issue. A KASAN error was reported during fuzzing: BUG: KASAN: slab-out-of-bounds in neonpoly1305blocks.constprop.0+0x1b4/0x250 poly1305neon Read of size 4 at addr...
Juniper Junos OS Multiple Vulnerabilities (JSA82974)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA82974 advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64...
JLSEC-2026-245 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
JLSEC-2026-242 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...
CVE-2026-5479
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...
PT-2026-36652
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description The built-in SSH server uses default configurations that advertise weak or broken key exchange, MAC, and host key algorithms. Specifically, the server supports the ecdh-sha2-nistp256,...
K000160933: OpenSSL for Windows vulnerability CVE-2023-4807
Security Advisory Description Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: ...
EUVD-2026-21292
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...
DEBIAN-CVE-2026-5479
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...
CVE-2026-5479
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...
UBUNTU-CVE-2026-5479
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...
CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...