175 matches found
Astra Linux – Vulnerability in nss, Thunderbird
Versions of NSS Network Security Services prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications that use NSS to handle signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be affected. Applications that...
Astra Linux – Vulnerability in Thunderbird
Thunderbird versions prior to 91.3.0 are vulnerable to a heap overflow vulnerability described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA ...
CVE-2026-33996
A flaw was found in LibJWT, a C JSON Web Token Library. When parsing JSON Web Key JWK files for RSA-PSS, the library did not correctly handle cases where NULL values were encountered instead of expected string values. An attacker could exploit this vulnerability by providing a specially crafted J...
Linux Distros Unpatched Vulnerability : CVE-2026-33996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value whe...
DEBIAN-CVE-2026-33996
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
CVE-2026-33996
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
CVE-2026-33996
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
UBUNTU-CVE-2026-33996
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
CVE-2026-33996
LibJWT (C, the JSON Web Token library) versions prior to 3.3.0 are affected by a NULL value handling bug in JWK parsing for RSA-PSS. In 3.0.0–3.2.x, the parser could misinterpret integers where strings were expected, potentially enabling malformed JWKs to affect parsing. The issue was fixed in 3....
CVE-2026-33996
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
CVE-2026-33996
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
EUVD-2026-16899
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
CVE-2026-33996
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...
PT-2026-28589
Name of the Vulnerable Software and Affected Versions LibJWT versions 3.0.0 through 3.2.9 Description LibJWT, a C JSON Web Token Library, has an issue in the RSA-PSS JWK parsing functionality. Versions prior to 3.3.0 do not adequately validate JSON string values, specifically failing to protect...
libjwt 代码问题漏洞
LibJWT is a C-language library developed by Ben Collins, designed for generating and verifying JSON Web Tokens. Versions of LibJWT from 3.0.0 to 3.3.0 contained code vulnerabilities. These vulnerabilities stemmed from RSA-PSS’s JWK parsing mechanism, which did not properly handle empty values,...
EUVD-2021-30458
Malicious code in bioql PyPI...
EUVD-2022-2949
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-36177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RsaPadPSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. CVE-2020-36177...