rpm package
opensuse/openCryptoki&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/openCryptoki&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40253 | Med | 6.8 | < 3.26.0-6.1 | 3.26.0-6.1 | Apr 16, 2026 | openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields withou | |
| CVE-2026-23893 | — | < 3.26.0-4.1 | 3.26.0-4.1 | Jan 22, 2026 | openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in grou | ||
| CVE-2026-22791 | — | < 3.26.0-3.1 | 3.26.0-3.1 | Jan 13, 2026 | openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a com | ||
| CVE-2024-0914 | — | < 3.23.0-4.1 | 3.23.0-4.1 | Jan 31, 2024 | A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. |
- affected < 3.26.0-6.1fixed 3.26.0-6.1
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields withou
- CVE-2026-23893Jan 22, 2026affected < 3.26.0-4.1fixed 3.26.0-4.1
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in grou
- CVE-2026-22791Jan 13, 2026affected < 3.26.0-3.1fixed 3.26.0-3.1
openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a com
- CVE-2024-0914Jan 31, 2024affected < 3.23.0-4.1fixed 3.23.0-4.1
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.