CNNVD-202601-2009 Information

CNNVD ID

CNNVD-202601-2009

Related CVE

CVE-2026-22791

• CNNVD Published: 2026-01-13

Description (Chinese)

openCryptoki是openCryptoki开源的一个适用于 Linux 的 PKCS#11 库和工具。 openCryptoki 3.25.0版本和3.26.0版本存在安全漏洞，该漏洞源于CKM_ECDH_AES_KEY_WRAP实现存在堆缓冲区溢出，可能导致堆损坏或拒绝服务。

Description (English)

OpenCryptoki is an openCryptoki open source PKCS#11 library and tool for Linux. OpenCryptoki version 3.25.0 and version 3.26.0 contain a security loophole, which originates from the spilling of the CKM EDH AES KEY WRAP, which may lead to pile damage or denial of service.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

openCryptoki

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/opencryptoki/opencryptoki/commit/785d7577e1477d12fbe235554e7e7b24f2de34b7 https://github.com/opencryptoki/opencryptoki/commit/e37e9127deeeb7bf3c3c4d852c594256c57ec3a8 https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-26f5-3mwq-4wm7