Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/04/04 4:59 a.m.3 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

7.5CVSS5.9AI score0.00472EPSS
Exploits1References1
OSV
OSV
added 2026/04/03 3:39 a.m.1 views

GHSA-9M44-RR2W-PPP7 Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length

Summary The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...

8.8CVSS6.2AI score0.00472EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/03 3:39 a.m.4 views

EUVD-2026-18570

Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length...

7.5CVSS5.8AI score0.00472EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:39 a.m.7 views

Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length

Summary The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...

7.5CVSS6.2AI score0.00472EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/03 3:16 a.m.2 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

7.5CVSS0.00472EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/03 1:32 a.m.15 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

0.00472EPSS
Exploits1References1
CVE
CVE
added 2026/04/03 1:32 a.m.13 views

CVE-2026-28815

CVE-2026-28815 concerns Swift Crypto’s X-Wing HPKE decapsulation path. The issue arises when an attacker-supplied encapsulatedKey is shorter than the required 1120 bytes; the implementation forwards the data to a C API without runtime length validation, enabling an out-of-bounds read in the decap...

7.5CVSS5.9AI score0.00472EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 1:32 a.m.2 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

5.9AI score0.00472EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 1:32 a.m.2 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

7.5CVSS5.9AI score0.00472EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.4 views

PT-2026-29972

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

5.9AI score0.00472EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.7 views

Swift Crypto 安全漏洞

Swift Crypto is an open-source cross-platform encryption library developed by Apple. Versions of Swift Crypto prior to 4.3.1 contained a security vulnerability. This vulnerability was caused by remote attackers who could provide short X-Wing HPKE encapsulation keys and trigger out-of-bound reads ...

7.5CVSS5.8AI score0.00472EPSS
Exploits1References1
Rows per page
Query Builder