14 matches found
CVE-2026-35334
Possible NULL-Pointer Dereference in RSA Decryption...
UBUNTU-CVE-2026-35334
Possible NULL-Pointer Dereference in RSA Decryption...
OESA-2024-1729 iperf3 security update
Iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers. Security Fixes: iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a...
CVE-2023-26306
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...
iPerf3 安全漏洞
iPerf3 is an ESnet open source tool for actively measuring the maximum achievable bandwidth on an IP network. A security vulnerability exists in iPerf3 versions prior to 3.17 that stems from allowing the use of a timed side channel in an RSA decryption operation, which could allow an attacker to...
kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...
PT-2024-2706
Name of the Vulnerable Software and Affected Versions: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched Description: The issue is related to the use of hidden side channels in the PrivateDecrypt function of th...
PT-2023-8446
Name of the Vulnerable Software and Affected Versions jsrsasign versions prior to 11.0.0 Description The issue is related to an Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process in the jsrsasign package. An attacker can decrypt ciphertexts by exploiting this flaw, which is...
SUSE CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
The vulnerability of RSA decryption functions in the Nettle cryptographic library, related to insufficient validation of input data, allows a perpetrator to trigger a service failure.
The vulnerability of RSA decryption functions in the Nettle cryptographic library is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures using specially created ciphertext...
The vulnerability of the implementation of the SM2 cryptographic algorithm in the OpenSSL library allows a perpetrator to execute arbitrary code.
The vulnerability of the implementation of the SM2 cryptographic algorithm in the OpenSSL library lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by transmitting specially crafted data for...
ALPINE-CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
Linux Nettle 输入验证错误漏洞
Linux Nettle is an American open source application for Linux. Contains a design that lends itself easily to a low-level cryptographic library in many cases. An input validation error vulnerability exists in Linux Nettle, which stems from the way the RSA decryption function improperly handles...
PT-2021-5781 · Nettle +9 · Nettle +9
Name of the Vulnerable Software and Affected Versions: Nettle affected versions not specified Description: A flaw was found in the way Nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application...