24 matches found
CVE-2026-0819
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
Linux Distros Unpatched Vulnerability : CVE-2026-0819
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the wcPKCS7BuildSignedAttributes function. An attacker can cause stack or heap memory corruption by providing untrusted input that controls the size of the signedAttribs array, leading to writing beyond th...
EUVD-2026-13131
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
CVE-2026-0819
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
DEBIAN-CVE-2026-0819
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
CVE-2026-0819
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
CVE-2026-0819
wolfSSL's CVE-2026-0819 is a stack buffer overflow in PKCS7 SignedData encoding. In wc_PKCS7_BuildSignedAttributes(), when adding custom attributes, EncodeAttributes() is given esd->signedAttribsCount instead of the remaining space in the fixed-size signedAttribs[7] array. If pkcs7->signedA...
CVE-2026-0819
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
CVE-2026-0819
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
CVE-2026-0819 Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
CVE-2026-0819 Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
CVE-2026-0819
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
PT-2026-26312
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc PKCS7 BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available spa...
UBUNTU-CVE-2024-45236
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...
UBUNTU-CVE-2024-45234
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...
SUSE CVE-2009-0591
The CMSverify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid...
ROBOT Attack
Bouncy Castle Cryptography API is vulnerable to ROBOT attack. The vulnerability exists due to the usage of simple RSA CMS signatures without signed attributes...
openSUSE Security Update : freeradius-server (openSUSE-2017-1192)
This update for freeradius-server fixes the following issues : Fix a number of security issues found via fuzzing by Guido Vranken See http://freeradius.org/security/fuzzer-2017.html for details. boo1049086 - CVE-2017-10987 / FR-GV-304: DHCP - Buffer over-read in frdhcpdecodesuboptions -...
OpenSSL 0.9.8 < 0.9.8k Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.8k. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8k advisory. - OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remo...