CVE-2026-22791 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP…
Medium CVSS: 6.6

CVE-2026-22791

openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key and invoking C_WrapKey. This can lead to heap corruption, or denial-of-service.
Vendor
Opencryptoki Project
Product
Opencryptoki
CWE
CWE-131
Yayın Tarihi
2026-01-13 19:16:26
Güncelleme
2026-02-03 18:47:15
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-131 Opencryptoki MEDIUM Opencryptoki Project 2026

Referanslar

https://github.com/opencryptoki/opencryptoki/commit/785d7577e1477d12fbe235554e7e7b24f2de34b7 https://github.com/opencryptoki/opencryptoki/commit/e37e9127deeeb7bf3c3c4d852c594256c57ec3a8 https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-26f5-3mwq-4wm7