14 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-4159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the wcPKCS7DecodeEnvelopedData function when processing a crafted CMS EnvelopedData message containing zero-length encrypted content. An attacker can cause a 1-byte out-of-bounds heap read by supplying such a...
CVE-2026-4159
1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...
DEBIAN-CVE-2026-4159
1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...
CVE-2026-4159
1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...
CVE-2026-4159
1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...
CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...
CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...
CVE-2026-4159
CVE-2026-4159: A 1-byte out-of-bounds heap read in wolfSSL’s wc_PKCS7_DecodeEnvelopedData can be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Affected software: wolfSSL 5.8.4 and earlier; root cause is a 1-byte OOB read during enveloped data decoding. Impac...
CVE-2026-4159
1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...
CVE-2026-2369
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...
CVE-2026-2369
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...
PT-2026-26376
Name of the Vulnerable Software and Affected Versions wolfSSL versions 5.8.4 and earlier Description An out-of-bounds heap read issue exists in the wc PKCS7 DecodeEnvelopedData function when processing crafted CMS EnvelopedData messages containing zero-length encrypted content. This issue could...
HTTP Request Smuggling
puma is vulnerable to HTTP Request Smuggling. The vulnerability exists due to processing zero-length content-Length headers and chunked transfer encoding bodies in client.rb, allowing an attacker to smuggle HTTP requests...