Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Jan 13, 2026
openCryptoki incorrectly calculates the buffer size in C_WrapKey with CKM_ECDH_AES_KEY_WRAP
CVE-2026-22791
Description
openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key and invoking C_WrapKey. This can lead to heap corruption, or denial-of-service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8v3.25.0, v3.26.0+ 1 more
- (no CPE)range: v3.25.0, v3.26.0
- (no CPE)range: >=3.25.0 <=3.26.0
- osv-coords6 versionspkg:rpm/opensuse/openCryptoki&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/openCryptoki&distro=openSUSE%20Tumbleweedpkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Micro%206.2
< 3.26.0-160000.1.1+ 5 more
- (no CPE)range: < 3.26.0-160000.1.1
- (no CPE)range: < 3.26.0-3.1
- (no CPE)range: < 3.26.0-150700.5.9.1
- (no CPE)range: < 3.26.0-160000.1.1
- (no CPE)range: < 3.26.0-160000.1.1
- (no CPE)range: < 3.26.0-160000.1.1
Patches
Vulnerability mechanics
References
3- github.com/opencryptoki/opencryptoki/commit/785d7577e1477d12fbe235554e7e7b24f2de34b7mitrex_refsource_MISC
- github.com/opencryptoki/opencryptoki/commit/e37e9127deeeb7bf3c3c4d852c594256c57ec3a8mitrex_refsource_MISC
- github.com/opencryptoki/opencryptoki/security/advisories/GHSA-26f5-3mwq-4wm7mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.