Lucene search
K

39 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS7AI score0.00805EPSS
Exploits0References10
OSV
OSV
added 2026/06/25 9:16 p.m.2 views

DEBIAN-CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 9:16 p.m.5 views

CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS0.0019EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 8:16 p.m.22 views

CVE-2026-6678 Integer underflow in wc_PKCS7_DecryptOri handling crafted Other Recipient Info

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

1CVSS0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 8:16 p.m.5 views

EUVD-2026-39558

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

1CVSS5.8AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 8:16 p.m.12 views

CVE-2026-6678

CVE-2026-6678 affects wolfSSL’s wc_PKCS7_DecryptOri function. A crafted Other Recipient Info triggers an integer underflow, causing incorrect length handling during decryption. Impact is described as decryption length mismanagement; no explicit exploitation details are provided in the connected d...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 8:16 p.m.4 views

CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52586

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer underflow occurs in the wc PKCS7 DecryptOri function when processing specially crafted Other Recipient Info. This leads to incorrect length handling...

5.3CVSS5.7AI score0.0019EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28390)

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS7.3AI score0.00805EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:3 a.m.7 views

Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

...

3.7CVSS5.8AI score0.0035EPSS
Exploits0
NVD
NVD
added 2026/06/09 5:17 p.m.28 views

CVE-2026-42766

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...

5.9CVSS0.00595EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.9 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:1711-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1711-1 advisory. This update for openssl-3 fixes the following issue: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References4
OSV
OSV
added 2026/04/28 4:27 p.m.5 views

CLSA-2026-1777393624 Fix CVE(s): CVE-2026-28390

SECURITY UPDATE: NULL dereference in CMS RSA-OAEP decryption when the optional pSourceFunc parameters field is omitted from a KeyTransportRecipientInfo, leading to a denial of service. - debian/patches/CVE-2026-28390.patch: check plab-parameter for NULL before accessing its type field in...

7.5CVSS7.3AI score0.00805EPSS
Exploits0References1
OSV
OSV
added 2026/04/27 6:33 p.m.8 views

JLSEC-2026-274 Issue summary: During processing of a crafted CMS EnvelopedData message with...

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS5.4AI score0.00805EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.4 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:1605-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1605-1 advisory. This update for openssl-3 fixes the following issue: Security issues fixed: - CVE-2026-28390: NULL pointer dereference during processing of ...

7.5CVSS5.4AI score0.00805EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.6 views

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:1562-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1562-1 advisory. - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc126167...

7.5CVSS5.5AI score0.00805EPSS
Exploits0References4
OSV
OSV
added 2026/04/23 3:53 p.m.8 views

SUSE-SU-2026:1577-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInf...

9.8CVSS5.7AI score0.00885EPSS
Exploits0References11
OSV
OSV
added 2026/04/23 7:6 a.m.5 views

SUSE-SU-2026:1562-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678...

7.5CVSS5.3AI score0.00805EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 9:41 a.m.5 views

SUSE-SU-2026:1550-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678...

7.5CVSS5.8AI score0.00805EPSS
Exploits0References3
OSV
OSV
added 2026/04/20 12:56 p.m.3 views

SUSE-SU-2026:21244-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678...

7.5CVSS5.2AI score0.00805EPSS
Exploits0References3
Rows per page
Query Builder