1469 matches found

CVE
added 2026/03/19 9:17 p.m. | 19 views

CVE-2026-4159

CVE-2026-4159: A 1-byte out-of-bounds heap read in wolfSSL’s wc_PKCS7_DecodeEnvelopedData can be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Affected software: wolfSSL 5.8.4 and earlier; root cause is a 1-byte OOB read during enveloped data decoding. Impac...

CVSS 3.3 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 1 | Affected Software: 1

Debian CVE
added 2026/03/19 9:17 p.m. | 3 views

CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS 3.3 | AI score 5.2 | EPSS 0.00095
Exploits: 0

EUVD
added 2026/03/19 3:31 p.m. | 3 views

EUVD-2026-13105

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

CVSS 6.5 | AI score 5.9 | EPSS 0.0042
Exploits: 0 | References: 4

NVD
added 2026/03/19 3:16 p.m. | 2 views

CVE-2026-2369

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

CVSS 9.1 | EPSS 0.0042
Exploits: 0 | References: 3

OSV
added 2026/03/19 3:16 p.m. | 1 view

UBUNTU-CVE-2026-2369

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

CVSS 9.1 | AI score 6 | EPSS 0.0042
Exploits: 0 | References: 2

Cvelist
added 2026/03/19 2:20 p.m. | 23 views

CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

CVSS 6.5 | EPSS 0.0042
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/19 2:20 p.m. | 4 views

CVE-2026-2369

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

CVSS 6.5 | AI score 6 | EPSS 0.0042
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/19 2:20 p.m. | 3 views

CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

CVSS 6.5 | AI score 6 | EPSS 0.0042
Exploits: 0 | References: 3

CVE
added 2026/03/19 2:20 p.m. | 21 views

CVE-2026-2369

A vulnerability CVE-2026-2369 exists in libsoup where an integer underflow occurs when processing content with a zero-length resource, causing a buffer overread. Connected sources indicate this affects libsoup versions older than 3.4.4-14, with a patched release available (3.4.4-14). Potential im...

CVSS 9.1 | AI score 5.9 | EPSS 0.0042
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2026/03/19 2:20 p.m. | 7 views

CVE-2026-2369

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

CVSS 9.1 | AI score 5.6 | EPSS 0.0042
Exploits: 0

Positive Technologies
added 2026/03/19 12:0 a.m. | 8 views

PT-2026-26376

Name of the Vulnerable Software and Affected Versions: wolfSSL versions 5.8.4 and earlier. Description: An out-of-bounds heap read issue exists in the wc_PKCS7_DecodeEnvelopedData function when processing crafted CMS EnvelopedData messages containing zero-length encrypted content. This issue could...

CVSS 3.3 | AI score 5.1 | EPSS 0.00095
Exploits: 0 | References: 9

CNNVD
added 2026/03/19 12:0 a.m. | 6 views

wolfSSL (CyaSSL) security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. WolfSSL CyaSSL versions 5.8.4 and earlier contain security vulnerabilities. These vulnerabilities stem from a 1-byte out-of-bounds hea...

CVSS 3.3 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 1

NVD
added 2026/03/13 7:54 p.m. | 4 views

CVE-2026-32320

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send...

CVSS 7.5 | EPSS 0.00185
Exploits: 0 | References: 1

Snyk
added 2026/03/13 12:34 a.m. | 4 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read through the processing of a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings. An attacker can cause the process to crash and disrupt...

CVSS 7.5 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/12 9:34 p.m. | 3 views

CVE-2026-32320 Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send...

CVSS 6.5 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 1

CVE
added 2026/03/12 9:34 p.m. | 22 views

CVE-2026-32320

Ella Core (5G private-net core) is affected by a DoS when processing a PathSwitchRequest that contains UE Security Capabilities with zero-length NR encryption or integrity protection bitstrings. The issue can crash the process via crafted NGAP messages, leading to service disruption for all conne...

CVSS 7.5 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/12 9:34 p.m. | 30 views

CVE-2026-32320 Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send...

CVSS 6.5 | EPSS 0.00185
Exploits: 0 | References: 1

GitHub Security Blog
added 2026/03/12 8:33 p.m. | 9 views

Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings

Summary: Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. Impact: An attacker able to send crafted NGAP messages to Ella Core can crash the process,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/03/06 7:16 p.m. | 7 views

AZL-79589 CVE-2025-69652 affecting package binutils 2.37-20

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info, an invalid debug_info_p state may propagate into DWARF attribute parsing...

CVSS 6.2 | AI score 6.2 | EPSS 0.00173
Exploits: 1 | References: 1

OSV
added 2026/03/06 7:16 p.m. | 7 views

AZL-79565 CVE-2025-69652 affecting package binutils 2.41-10

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info, an invalid debug_info_p state may propagate into DWARF attribute parsing...

CVSS 6.2 | AI score 6.2 | EPSS 0.00173
Exploits: 1 | References: 1