VYPR

rpm package

almalinux/opencryptoki-ep11tok

pkg:rpm/almalinux/opencryptoki-ep11tok

Vulnerabilities (3)

  • CVE-2026-40253MedApr 16, 2026
    affected < 3.22.0-3.el8_10.3fixed 3.22.0-3.el8_10.3

    openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields withou

  • CVE-2026-23893Jan 22, 2026
    affected < 3.22.0-3.el8_10.2fixed 3.22.0-3.el8_10.2

    openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in grou

  • CVE-2024-0914Jan 31, 2024
    affected < 3.21.0-9.el9_3.alma.1fixed 3.21.0-9.el9_3.alma.1

    A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.