9 matches found

EUVD
added 3 days ago | 4 views

EUVD-2026-39578

OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

CVSS 6.3 | AI score 5.8 | EPSS 0.00121
Exploits 0 | References 3
CVE
added 4 days ago | 7 views

CVE-2026-10098

CVE-2026-10098: In wolfSSL_OCSP_resp_find_status, OCSP CertID serial-number length-confusion allows a same-issuer SingleResponse whose serial is a prefix of the target’s to be reported as the status of another certificate. The vulnerability arises because the lookup compares serial-number bytes w...

CVSS 6.3 | AI score 5.8 | EPSS 0.00121
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 4 days ago | 14 views

PT-2026-52590

Name of the Vulnerable Software and Affected Versions: wolfSSL (affected versions not specified). Description: A length-confusion issue exists in the wolfSSL_OCSP_resp_find_status function. The lookup process compares serial-number bytes without verifying that the two serial numbers are of equal lengt...

CVSS 6.3 | AI score 5.8 | EPSS 0.00121
Exploits 0 | References 4
Tenable Nessus
added 2022/10/27 12:00 a.m. | 35 views

EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2022-2609)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OC...

CVSS 7.5 | AI score 8.1 | EPSS 0.02437
Exploits 0 | References 2
BDU FSTEC
added 2022/07/06 12:00 a.m. | 4 views

The vulnerability of the EXI syntax analysis function in communication devices that connect vehicles to the OpenV2G network allows a perpetrator to cause service interruptions.

The vulnerability in the EXI file syntax analysis implementation in vehicle communication devices connected to the OpenV2G network is caused by an operation that goes beyond buffer boundaries in memory during verification of the length of X509 certificates’ serial numbers...

CVSS 6.2 | AI score 6.1 | EPSS 0.00206
Exploits 0 | References 6 | Affected Software 1
Mageia
added 2016/09/28 5:59 a.m. | 39 views

Updated gnutls packages fix security vulnerability

An issue was found in certificate validation using OCSP responses caused by not verifying the serial length, which can falsely report a certificate as valid (CVE-2016-7444)...

CVSS 7.5 | AI score 2.4 | EPSS 0.02437
Exploits 0 | References 4
OSV
added 2016/09/27 3:59 p.m. | 3 views

ALPINE-CVE-2016-7444

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by...

CVSS 7.5 | AI score 7 | EPSS 0.02437
Exploits 0 | References 1
OSV
added 2016/09/27 3:59 p.m. | 1 views

DEBIAN-CVE-2016-7444

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by...

CVSS 7.5 | AI score 8.2 | EPSS 0.02437
Exploits 0 | References 1
OSV
added 2016/09/27 12:00 a.m. | 2 views

UBUNTU-CVE-2016-7444

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by...

CVSS 7.5 | AI score 7.2 | EPSS 0.02437
Exploits 0 | References 6