PT-2026-44386 · Cryptx · Cryptx

Karel Miko

·

Published

2026-05-28

·

Updated

2026-06-10

·

CVE-2026-41565

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions CryptX versions prior to 0.088 001
Description A stack buffer overflow exists in four AEAD decrypt verify helpers. The XS routines gcm decrypt verify(), ccm decrypt verify(), chacha20poly1305 decrypt verify(), and eax decrypt verify() copy a caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without verifying the length. An attacker-controlled tag exceeding this length can overwrite the stack beyond the buffer.
Recommendations Update to version 0.088 001 or later.

Exploit

Fix

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-41565
OPENSUSE-SU-2026:10968-1
OPENSUSE-SU-2026:20936-1

Affected Products

Cryptx