CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service

Impact When a JWE uses a password-based key-encryption algorithm PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, PBES2AESKW::unwrapKey reads the p2c PBKDF2 iteration count parameter directly from the attacker-controlled JOSE header and passes it to hashpbkdf2 with no upper bound. The...

RHEL 10 : edk2 (RHSA-2026:18320)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18320 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU...

Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9230 For more details about the securi...

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2025:03441-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03441-1 advisory. - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap bsc1250232. Tenable has...

SUSE SLES15: libopenssl-1_1-devel / libopenssl1_1 / libopenssl1_1-32bit / etc (SUSE-SU-2025:03438-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03438-1 advisory. - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap bsc1250232. Tenable has...

Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

ALSA-2025:21255 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9230 For more details about the securi...

SUSE-SU-2025:03437-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap bsc1250232...

unwrap() can be called by anybody leading to loss of funds.

Handle GeekyLumberjack Vulnerability details Impact The caller of unwrap would receive all of the unwrapped convex tokens. Potentially depriving the user of all collateral and any rewards. Proof of Concept This portion of the readme describes the process that leads to the vulnerability. To repay ...