Dmitry Belyavskiy

#30700of 53,632
8.5Total CVSS
Vulnerabilities · 2
Low
1
Medium
1
PT-2026-47838
3.7
2026-06-09
Openssl · Openssl · CVE-2026-42768
**Name of the Vulnerable Software and Affected Versions** OpenSSL (affected versions not specified) **Description** The `CMS decrypt()` and `PKCS7 decrypt()` functions are susceptible to a Bleichenbacher-style attack, which is an adaptive-chosen-ciphertext side channel. This allows an attacker to use a vulnerable application to decrypt or sign messages using the victim's private RSA key. The issue occurs in two scenarios: first, when the decryption API is used without a recipient certificate, OpenSSL iterates through every `KeyTransRecipientInfo` (KTRI) without stopping at the first success; second, when a recipient certificate is provided but the recipient is not found, a random key is substituted. In both cases, if an attacker can observe error codes or decryption output, they can establish an oracle to decrypt RSA ciphertexts or forge PKCS#1 v1.5 signatures. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-47843
4.8
2026-06-09
Openssl · Openssl · CVE-2026-45446
**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 3.0 through 3.3 **Description** The implementations of AES-SIV and AES-GCM-SIV mishandle the authentication of Additional Authenticated Data (AAD) when the ciphertext is empty, which allows for the forgery of such messages. In the provider implementation of these ciphers, the expected tag is only computed when the decryption function is invoked with non-empty data. If a caller provides AAD and then calls the `EVP DecryptFinal ex()` function without updating the ciphertext (which occurs when the received ciphertext length is zero), the tag is not recalculated and retains an all-zeros value. Consequently, for AES-GCM-SIV, an attacker can pass authentication using arbitrary AAD, an empty ciphertext, and an all-zeros tag without knowing the key. For AES-SIV, the attack requires the application to reuse the decryption context without resetting the key. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.