9 matches found
openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS12 Public-Key Cryptography Standards 12 files that use Password-Based Message Authentication Code 1 PBMAC1 with short HMAC Hash-based Message Authentication Code keys. This can lead to a service accepting...
CVE-2026-34181
A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS12 Public-Key Cryptography Standards 12 files that use Password-Based Message Authentication Code 1 PBMAC1 with short HMAC Hash-based Message Authentication Code keys. This can lead to a service accepting...
JLSEC-2026-263 Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file...
Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...
AZL-76155 CVE-2026-22795 affecting package hvloader for versions less than 1.0.1-18
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...
EUVD-2026-4815
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...
nss: Arbitrary memory write via PKCS 12
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...
nss: Arbitrary memory write via PKCS 12
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...
nss: Arbitrary memory write via PKCS 12
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS S/MIME PKCS \#7 or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS X.509 OCSP or CRL functionality may be impacted depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However email clients and PDF viewers that use NSS for signature verification such as Thunderbird LibreOffice Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
...