
22 matches found

OPENSUSE Linux
added 2026/04/15 12:0 a.m. | 2 views

python311-rfc3161-client-1.0.6-1.1 on GA media (moderate)

python311-rfc3161-client-1.0.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10546-1 Rating: moderate Cross-References: CVE-2026-33753 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00188
Exploits: 1

OSV
added 2026/04/14 12:0 a.m. | 2 views

OPENSUSE-SU-2026:10546-1 python311-rfc3161-client-1.0.6-1.1 on GA media

These are all security issues fixed in the python311-rfc3161-client-1.0.6-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 1

SUSE CVE
added 2026/04/09 11:26 p.m. | 2 views

SUSE CVE-2026-33753

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority (TSA). By exploiting a logic flaw i...

CVSS 7.5 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 3

RedhatCVE
added 2026/04/08 5:13 p.m. | 3 views

CVE-2026-33753

A flaw was found in rfc3161-client, a Python library implementing the Time-Stamp Protocol (TSP). This authorization bypass vulnerability allows a remote attacker to impersonate a trusted TimeStamping Authority (TSA). The flaw exists in the library's signature verification process, specifically in how...

CVSS 7.5 | AI score 5.9 | EPSS 0.00188
Exploits: 1 | References: 4

NVD
added 2026/04/08 4:16 p.m. | 2 views

CVE-2026-33753

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority (TSA). By exploiting a logic flaw i...

CVSS 7.5 | EPSS 0.00188
Exploits: 1 | References: 1

vulnersOsv
added 2026/04/08 3:0 p.m. | 4 views

sigstore (>=3.6.0 <=3.6.1) potentially affected by CVE-2026-33753 via rfc3161-client (>=0.0.4 <=0.1.2)

rfc3161-client PYPI version =0.0.4, =3.6.0, =3.6.1 Source cves: CVE-2026-33753 Source advisory: OSV:GHSA-3XXC-PWJ6-JGRJ...

CVSS 7.5 | AI score 5.4 | EPSS 0.00188
Exploits: 1

Github Security Blog
added 2026/04/08 3:0 p.m. | 2 views

rfc3161-client Has Improper Certificate Validation

Summary: An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority (TSA). By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...

CVSS 7.5 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/04/08 2:54 p.m. | 23 views

CVE-2026-33753

CVE-2026-33753 affects the Python library rfc3161-client (prior to 1.0.6). The vulnerability arises in the library’s signature verification when extracting the leaf certificate from an unordered PKCS#7 bag of certificates, enabling an attacker to append a forged certificate that matches the targe...

CVSS 7.5 | AI score 5.9 | EPSS 0.00188
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/04/08 2:54 p.m. | 5 views

CVE-2026-33753 Improper Certificate Validation in rfc3161-client

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority (TSA). By exploiting a logic flaw i...

CVSS 6.2 | AI score 5.9 | EPSS 0.00188
Exploits: 1 | References: 1

Cvelist
added 2026/04/08 2:54 p.m. | 22 views

CVE-2026-33753 Improper Certificate Validation in rfc3161-client

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority (TSA). By exploiting a logic flaw i...

CVSS 6.2 | EPSS 0.00188
Exploits: 1 | References: 1

CNNVD
added 2026/04/08 12:0 a.m. | 4 views

rfc3161-client Security Vulnerability

rfc3161-client is a software developed by Trail of Bits. Versions prior to rfc3161-client 1.0.6 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypasses in signature verification, which could allow attackers to impersonate trusted timestamping institutions...

CVSS 7.5 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-18798

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 6.3 | EPSS 0.00147
Exploits: 0 | References: 3

Veracode
added 2025/06/25 6:55 a.m. | 2 views

Improper Signature Verification

rfc3161-client is vulnerable to Improper Signature Verification. The vulnerability is due to insufficient signature validation due to failure to verify the Timestamp Response (TSR) signature against the timestamping leaf certificate, allowing attackers to forge signatures that appear valid if the...

AI score 7
Exploits: 0

RedhatCVE
added 2025/06/23 8:39 a.m. | 5 views

CVE-2025-52556

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

CVSS 9.3 | AI score 7 | EPSS 0.00147
Exploits: 0 | References: 1

Cvelist
added 2025/06/21 1:33 a.m. | 6 views

CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

CVSS 9.3 | EPSS 0.00147
Exploits: 0 | References: 2

Vulnrichment
added 2025/06/21 1:33 a.m. | 3 views

CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

CVSS 9.3 | AI score 6.9 | EPSS 0.00147
Exploits: 0 | References: 2

OSV
added 2025/06/21 1:33 a.m. | 1 views

CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

CVSS 9.3 | AI score 6.5 | EPSS 0.00147
Exploits: 0 | References: 4

CNNVD
added 2025/06/21 12:0 a.m. | 1 views

rfc3161-client Data Forgery Vulnerability

rfc3161-client is a Trail of Bits open source software. A data forgery issue vulnerability exists in rfc3161-client versions prior to 1.0.3, which stems from a flaw in the timestamp response signature validation logic that could lead to insufficient signature validation...

CVSS 9.3 | AI score 6.3 | EPSS 0.00147
Exploits: 0 | References: 2

Snyk
added 2025/06/20 6:8 p.m. | 2 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature. An attacker can bypass signature validation by introducing a timestamp response signature that chains to a trusted root, allowing acceptance of forged timestamp responses. Remediation...

CVSS 9.3 | AI score 6.9 | EPSS 0.00147
Exploits: 0 | References: 2

vulnersOsv
added 2025/06/20 6:8 p.m. | 3 views

sigstore (>=3.6.0 <=3.6.1) potentially affected by CVE-2025-52556 via rfc3161-client (>=0.0.4 <=0.1.2)

rfc3161-client PYPI version =0.0.4, =3.6.0, =3.6.1 Source cves: CVE-2025-52556 Source advisory: OSV:GHSA-6QHV-4H7R-2G9M...

CVSS 9.3 | AI score 5.4 | EPSS 0.00147
Exploits: 0