Opencryptoki Project / Opencryptoki

7 matches found

CVE
added 2024/01/31 4:53 a.m., 221 views

CVE-2024-0914

The CVE-2024-0914 issue affects the opencryptoki package and arises from a timing side-channel while processing RSA PKCS#1 v1.5 padded ciphertexts, enabling potential unauthorized RSA ciphertext decryption or signing without the private key. Connected advisories show OpenCryptoki is affected in v...

CVSS 5.9, AI score 5.3, EPSS 0.00422

CVE
added 2012/10/10 6:0 p.m., 59 views

CVE-2012-4454

CVE-2012-4454 affects openCryptoki prior to 2.4.1. When using spinlocks, it enables local users to create or set world-writable permissions on arbitrary files via a symlink attack on the files in /tmp named (1) .pkapi_xpk or (2) .pkcs11spinloc. The underlying issue is insecure handling related to...

CVSS 2.9, AI score 6.4, EPSS 0.00655

CVE
added 2022/08/23 3:48 p.m., 54 views

CVE-2021-3798

CVE-2021-3798 concerns a flaw in openCryptoki where the Soft token fails to validate EC keys created via C_CreateObject or derived with C_DeriveKey using ECDH public data. The underlying issue allows a malicious user to extract the private key through an invalid-curve attack. Multiple connected so...

CVSS 5.5, AI score 5.1, EPSS 0.00154

CVE
added 2012/10/10 6:0 p.m., 50 views

CVE-2012-4455

CVE-2012-4455 affects openCryptoki 2.4.1. Local users can create or set world-writable permissions on arbitrary files via a symlink attack on the /var/lock directory (LCK..opencryptoki or LCK..opencryptoki_stdll). This is a local-privilege and file-permission manipulation issue with CVSS v2 base ...

CVSS 6.2, AI score 6.4, EPSS 0.00024

CVE
added 2026/01/22 12:1 a.m., 34 views

CVE-2026-23893

CVE-2026-23893 affects openCryptoki (PKCS#11 library) versions 2.3.2 and above. The issue is a symlink-following vulnerability in privileged contexts: a token-group member can plant files/symlinks in group-writable token directories, enabling privilege escalation or data exposure. When run as roo...

CVSS 6.8, AI score 5.9, EPSS 0.00007

CVE
added 2026/04/16 10:4 p.m., 16 views

CVE-2026-40253

openCryptoki (PKCS#11 library) is affected in versions 3.26.0 and earlier due to BER/DER decoding in the shared asn1.c lacking a buffer length parameter and trusting BER lengths, enabling out-of-bounds reads when malformed BER objects are provided via C_CreateObject, C_UnwrapKey, token loading, o...

CVSS 6.8, AI score 6.1, EPSS 0.00019

CVE
added 2026/01/13 7:6 p.m., 10 views

CVE-2026-22791

CVE-2026-22791 affects the openCryptoki PKCS#11 library for Linux/AIX. The vulnerability is a heap buffer overflow in the CKM_ECDH_AES_KEY_WRAP implementation triggered by supplying a compressed EC public key and calling C_WrapKey, allowing a local attacker to cause out-of-bounds writes in the ho...

CVSS 6.6, AI score 6.6, EPSS 0.00022