NIXPKGS-2026-1042

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-5504

updated 2 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 2 months, 2 weeks ago
@LeSuisse accepted 2 months, 2 weeks ago
@LeSuisse published on GitHub 2 months, 2 weeks ago

PKCS7 CBC Padding Oracle — Plaintext Recovery

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.

References

https://github.com/wolfSSL/wolfssl/pull/10088

Affected products

wolfSSL

=<5.9.0

Matching in nixpkgs

pkgs.wolfssl

Small, fast, portable implementation of TLS/SSL for embedded devices

nixos-unstable 5.9.0
- nixpkgs-unstable 5.9.0
- nixos-unstable-small 5.9.0

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@vifino Adrian Pistol <vifino@tty.sh>

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1042

References

Affected products

Matching in nixpkgs

pkgs.wolfssl

Package maintainers