Simo Sorce

**Name of the Vulnerable Software and Affected Versions** OpenSSL FIPS modules versions 3.0 through 3.6 **Description** Applications using RSASVE key encapsulation can send contents of an uninitialized memory buffer to a malicious peer, potentially leading to sensitive data leakage. This occurs when applications use `EVP PKEY encapsulate()` with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key. The `RSA public encrypt()` function returns the number of bytes written on success and -1 on error, but the affected code only checks if the return value is non-zero. If RSA encryption fails, the encapsulation can still return success, allowing the caller to use uninitialized ciphertext. Calling `EVP PKEY public check()` or `EVP PKEY public check quick()` before `EVP PKEY encapsulate()` can mitigate this issue. **Recommendations** Apply the OpenSSL April 2026 security update immediately. If you cannot update immediately, call `EVP PKEY public check()` or `EVP PKEY public check quick()` before `EVP PKEY encapsulate()` as a mitigation. Audit uses of RSASVE/`EVP PKEY encapsulate()` and ensure public keys are validated prior to encapsulation. Rotate keys/secrets if exposure is suspected.

**Name of the Vulnerable Software and Affected Versions** pkcs11-provider (affected versions not specified) **Description** A security issue has been identified in the pkcs11-provider, associated with Public-Key Cryptography Standards (PKCS#11). If exploited, this could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#11 1.5 decryption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeIPA version 4.4.0 **Description** The issue allows remote attackers to request an arbitrary SAN name for services. **Recommendations** For FreeIPA version 4.4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 (aka krb5) versions prior to 1.13.4 MIT Kerberos 5 (aka krb5) versions 1.14.x prior to 1.14.1 **Description** The issue is related to multiple memory leaks in the kadmin/server/server stubs.c file in kadmind, which can be exploited by remote authenticated users to cause a denial of service through memory consumption. This can be achieved by sending a request with a NULL principal name. **Recommendations** For versions prior to 1.13.4, update to version 1.13.4 or later. For versions 1.14.x prior to 1.14.1, update to version 1.14.1 or later.

**Name of the Vulnerable Software and Affected Versions** 389 Directory Server versions prior to 1.3.3.10 **Description** The issue allows attackers to bypass intended access restrictions and modify directory entries. This is achieved through a crafted ldapmodrdn call. **Recommendations** For versions prior to 1.3.3.10, update to version 1.3.3.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the ldapmodrdn functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** mit-krb5 versions 1.9 through 1.9.2 mit-krb5 versions prior to 1.9.2-r1 **Description** The issue affects the Key Distribution Center (KDC) in MIT Kerberos 5, allowing remote authenticated users to cause a denial of service via a crafted TGS request. This can lead to a NULL pointer dereference and daemon crash. The vulnerability may compromise the confidentiality, integrity, and availability of protected information. **Recommendations** For mit-krb5 versions 1.9 through 1.9.2, update to version 1.9.2-r1 or later to resolve the issue. For mit-krb5 versions prior to 1.9.2-r1, update to version 1.9.2-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `process tgs req` function in the Key Distribution Center (KDC) to minimize the risk of exploitation.