Lucene search
+L

301 matches found

Packet Storm News
Packet Storm News
added 2026/05/03 12:0 a.m.8 views

Observability for Post-Quantum TLS Readiness: A Multi-Surface Evidence Framework

Post-quantum migration in Transport Layer Security TLS requires evidence-aware measurements that distinguish session negotiation, endpoint capability, certificate-chain evidence, and the provenance of missing observations. This distinction is essential under TLS 1.3 encryption, resumption, mutual...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/27 6:33 p.m.15 views

JLSEC-2026-271 Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key...

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

6.5CVSS5.6AI score0.00435EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/04/27 10:15 a.m.8 views

org.apache.camel.karaf:camel-pqc (=4.18.1), org.apache.camel.quarkus:camel-quarkus-pqc (>=3.32.0 <=3.33.0) +2 more potentially affected by CVE-2026-40048 via org.apache.camel:camel-pqc (>=4.18.0 <=4.18.1)

org.apache.camel:camel-pqc MAVEN version =4.18.0, =3.32.0, =3.32.0, =4.18.0, =4.18.1 Source cves: CVE-2026-40048 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321659...

7.8CVSS5.8AI score0.00342EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/27 10:15 a.m.7 views

org.apache.camel.springboot:camel-pqc-starter (=4.19.0) potentially affected by CVE-2026-40048 via org.apache.camel:camel-pqc (=4.19.0)

org.apache.camel:camel-pqc MAVEN version =4.19.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-pqc and may be impacted: - org.apache.camel.springboot:camel-pqc-starter =4.19.0 Source cves: CVE-2026-40048 Source advisory:...

7.8CVSS5.8AI score0.00342EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.6 views

Network Impact of Post-Quantum Certificate Chain Sizes on Time to First Byte in TLS Deployments

Post-Quantum Cryptography PQC is a rapidly growing deployment challenge as cryptographically relevant quantum computers CRQC continue to advance, leaving traditional cryptographic algorithms used in X.509 vulnerable to attack. However, PQC introduces significant deployment challenges in real-worl...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.10 views

Machine-Checked Cardinality Bounds for Masked Barrett Reduction: A 1-Bit Side-Channel Leakage Barrier in Post-Quantum Cryptographic Hardware

Barrett reduction is the nonlinear core of every practical NTT-based post-quantum cryptography implementation. Existing composition frameworks ISW, t-SNI, PINI, DOM address Boolean masking over GF2; none provides a machine-checked characterization of Barrett's leakage under first-order arithmetic...

5.3AI score
Exploits0
Filippo.io
Filippo.io
added 2026/04/20 3:21 p.m.10 views

Quantum Computers Are Not a Threat to 128-bit Symmetric Keys

The advancing threat of cryptographically-relevant quantum computers has made it urgent to replace currently-deployed asymmetric cryptography primitives—key exchange ECDH and digital signatures RSA, ECDSA, EdDSA—which are vulnerable to Shor’s quantum algorithm. It does not, however, impact existi...

6AI score
Exploits0
HackRead
HackRead
added 2026/04/17 5:44 p.m.8 views

The Race to Quantum-Proof the Internet Has Already Begun

The race to quantum-proof the internet is underway as experts warn of “harvest now, decrypt later” risks and slow migration to post-quantum security...

5.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/16 4:0 p.m.8 views

Building your cryptographic inventory: A customer strategy for cryptographic posture management

Post-quantum cryptography PQC is coming—and for most organizations, the hardest part won’t be choosing new algorithms. It will be finding where cryptography is used today across applications, infrastructure, devices, and services so teams can plan, prioritize, and modernize with confidence. At...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.8 views

Quantum-Safe IPsec in the Banking Industry

The emergence of Cryptographically Relevant Quantum Computers CRQCs presents a critical threat to classical cryptographic systems, particularly widely adopted protocols such as RSA, Diffie-Hellman DH, and Elliptic Curve Cryptography ECC. Given their extensive use in the financial sector, the adve...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/04/10 1:0 a.m.14 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the error handling path of the TLSXKeyShareProcessPqcHybridClient process. An attacker can cause memory corruption or potentially execute arbitrary code by triggering an error during post-quantum cryptography hybrid...

6.5CVSS6.2AI score0.00275EPSS
Exploits0References2
NVD
NVD
added 2026/04/10 12:16 a.m.14 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS0.00275EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 12:16 a.m.5 views

DEBIAN-CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.4AI score0.00275EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 12:16 a.m.13 views

UBUNTU-CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/10 12:0 a.m.4 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

wolfSSL(CyaSSL) 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the US company wolfSSL, designed for developers working with embedded systems. wolfSSL CyaSSL contains a security vulnerability that stems from the handling of mixed key sharing in TLS 1.3 and post-quantum...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 11:29 p.m.5 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.3CVSS5.9AI score0.00275EPSS
Exploits0References2
CVE
CVE
added 2026/04/09 11:29 p.m.31 views

CVE-2026-5460

Vulnerability summary (CVE-2026-5460) : A heap use-after-free exists in wolfSSL’s TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error path of TLSX_KeyShare_ProcessPqcHybridClient() (src/tls.c), TLSX_KeyShare_ProcessPqcClient_ex() frees a KyberKey object on error. The ...

6.5CVSS5.9AI score0.00275EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/09 11:29 p.m.49 views

CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.3CVSS0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.22 views

PT-2026-31828

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A heap use-after-free issue exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. Specifically, within the TLSX KeyShare ProcessPqcHybridClient function in...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References11
Rows per page
Query Builder