11 matches found
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the PKCS7VerifySignedData process. An attacker can cause the application to read memory outside the bounds of a heap buffer by submitting a specially crafted PKCS7 message. Remediation: Upgrade wolfssl to version...
CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming
Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7VerifySignedData...
UBUNTU-CVE-2026-0819
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...
EUVD-2019-3425
Malware in sbrugna...
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Informix Genero (CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 & CVE-2015-4000)
Summary: OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes the Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by Informix Genero. Informix Genero has addressed the applicable CVEs...
S/MIME Message Takeover
Thunderbird is vulnerable to S/MIME Message Takeover Attacks. A malicious S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature despite the signer having no access to the contents of the encrypted message...
CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
Mozilla Thunderbird < 68.1.1
The version of Thunderbird installed on the remote Windows host is prior to 68.1.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-32 advisory. - A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid...
Security vulnerabilities fixed in Thunderbird 68.1.1 — Mozilla
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Networking Switches (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792)
Summary: The following OpenSSL vulnerabilities are addressed by the IBM Flex System Networking Switches listed below. Vulnerability Details: CVE-ID:...
Vulnerability in OpenSSL - CMS verify infinite loop with unknown hash function
When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. This can be used to perform denial of service against any system which verifies signedData messages using the CMS code. Found by Johannes Bauer...