openCryptoki Project openCryptoki 2.3.2

CPE Details

openCryptoki Project openCryptoki 2.3.2
opencryptoki_project
opencryptoki
2.3.2
2022-08-26
10h24 +00:00
2022-08-26
10h58 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:opencryptoki_project:opencryptoki:2.3.2:*:*:*:*:*:*:*

Informations

Vendor

opencryptoki_project

Product

opencryptoki

Version

2.3.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-0914 2024-01-31 04h53 +00:00 A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
5.9
Medium
CVE-2021-3798 2022-08-23 13h48 +00:00 A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
5.5
Medium
CVE-2012-4454 2012-10-10 16h00 +00:00 openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
2.9