41 matches found
JLSEC-2026-224 SM2 Decryption Buffer Overflow
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
Linux Distros Unpatched Vulnerability : CVE-2026-32877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3...
CVE-2026-32877
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...
CVE-2026-32877 Botan: Heap Buffer Over-read in SM2 Decryption via Undersized C3 Hash Field
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...
Botan 缓冲区错误漏洞
Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan from 2.3.0 to 3.11.0 contained a buffer error vulnerability. This vulnerability stemmed from the failure to check the expected length of the authentication code value during the SM2 decryption...
CVE-2026-23966
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23966
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
sm-crypto data forgery vulnerability
sm-crypto is an encryption algorithm developed by June01, a personal developer. Versions of sm-crypto prior to 0.3.14 contained a data manipulation vulnerability. This vulnerability stemmed from defects in the SM2 decryption logic, which could lead to the recovery of private keys...
CVE-2026-22699
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...
EUVD-2026-1874
RustCrypto Has Insufficient Length Validation in decrypt in SM2-PKE...
GHSA-J9XQ-69PF-PCM8 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
Summary A denial-of-service vulnerability exists in the SM2 public-key encryption PKE implementation: the decrypt path performs unchecked slice::splitat operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encod...
CVE-2026-22699
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...
EUVD-2026-1875
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...
RustCrypto: Elliptic Curves 输入验证错误漏洞
RustCrypto: Elliptic Curves is a Rust cryptographic library open-sourced by Rust Crypto. An input validation error vulnerability exists in RustCrypto: Elliptic Curves version 0.14.0-pre.0 and 0.14.0-rc.0, which stems from a failure to check for invalid elliptic curve points in the decryption path...
IBM Cognos Analytics 11.1.1 < 11.1.7 FP8 / 11.2.x < 11.2.4 FP3 / 12.0.x < 12.0.2 (7123154)
The version of IBM Cognos Analytics installed on the remote host is prior to 11.1.7 FP8, 11.2.4 FP3, or 12.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Bulletin No. 7123154, including the following: - When deserializing untrusted or corrupted data,...
GLSA-202210-02 : OpenSSL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-02 OpenSSL: Multiple Vulnerabilities - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH...
CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
GLSA-202209-02 : IBM Spectrum Protect: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202209-02 IBM Spectrum Protect: Multiple Vulnerabilities - IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale...