Lucene search
K
Opencryptoki ProjectOpencryptoki

7 matches found

CVE
CVE
added 2024/01/31 4:53 a.m.226 views

CVE-2024-0914

The CVE-2024-0914 issue affects the opencryptoki package and arises from a timing side-channel while processing RSA PKCS#1 v1.5 padded ciphertexts, enabling potential unauthorized RSA ciphertext decryption or signing without the private key. Connected advisories show OpenCryptoki is affected in v...

5.9CVSS5.3AI score0.00878EPSS
CVE
CVE
added 2012/10/10 6:0 p.m.62 views

CVE-2012-4454

CVE-2012-4454 affects openCryptoki prior to 2.4.1. When using spinlocks, it enables local users to create or set world-writable permissions on arbitrary files via a symlink attack on the files in /tmp named (1) .pkapi_xpk or (2) .pkcs11spinloc. The underlying issue is insecure handling related to...

2.9CVSS6.4AI score0.01029EPSS
CVE
CVE
added 2022/08/23 3:48 p.m.59 views

CVE-2021-3798

CVE-2021-3798 concerns a flaw in openCryptoki where the Soft token fails to validate EC keys created via C_CreateObject or derived with C_DeriveKey using ECDH public data. The underling issue allows a malicious user to extract the private key through an invalid-curve attack. Multiple connected so...

5.5CVSS5.1AI score0.00263EPSS
CVE
CVE
added 2012/10/10 6:0 p.m.56 views

CVE-2012-4455

CVE-2012-4455 affects openCryptoki 2.4.1. Local users can create or set world-writable permissions on arbitrary files via a symlink attack on the /var/lock directory (LCK..opencryptoki or LCK..opencryptoki_stdll). This is a local-privilege and file-permission manipulation issue with CVSS v2 base ...

6.2CVSS6.4AI score0.00359EPSS
CVE
CVE
added 2026/01/22 12:1 a.m.47 views

CVE-2026-23893

CVE-2026-23893 affects openCryptoki (PKCS#11 library) versions 2.3.2 and above. The issue is a symlink-following vulnerability in privileged contexts: a token-group member can plant files/symlinks in group-writable token directories, enabling privilege escalation or data exposure. When run as roo...

6.8CVSS5.9AI score0.00162EPSS
CVE
CVE
added 2026/04/16 10:4 p.m.33 views

CVE-2026-40253

openCryptoki (PKCS#11 library) is affected in versions 3.26.0 and earlier due to BER/DER decoding in the shared asn1.c lacking a buffer length parameter and trusting BER lengths, enabling out-of-bounds reads when malformed BER objects are provided via C_CreateObject, C_UnwrapKey, token loading, o...

6.8CVSS6.1AI score0.0016EPSS
CVE
CVE
added 2026/01/13 7:6 p.m.17 views

CVE-2026-22791

CVE-2026-22791 affects the openCryptoki PKCS#11 library for Linux/AIX. The vulnerability is a heap buffer overflow in the CKM_ECDH_AES_KEY_WRAP implementation triggered by supplying a compressed EC public key and calling C_WrapKey, allowing a local attacker to cause out-of-bounds writes in the ho...

6.6CVSS6.6AI score0.00237EPSS