CLSA-2026-1777541792

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1777541792

Upstream

Published

2026-04-30T09:36:38Z

Modified

2026-06-04T09:47:37.195762329Z

Summary

Fix CVE(s): CVE-2026-28390

Details

SECURITY UPDATE: NULL dereference in CMS RSA-OAEP decryption when the optional pSourceFunc parameters field is omitted from a KeyTransportRecipientInfo, leading to a denial of service.
- debian/patches/CVE-2026-28390.patch: check plab->parameter for NULL before accessing its type field in rsacmsdecrypt()
- CVE-2026-28390

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1-1ubuntu2.1~18.04.23+tuxcare.els8

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777541792.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1-1ubuntu2.1~18.04.23+tuxcare.els8

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777541792.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1-1ubuntu2.1~18.04.23+tuxcare.els8

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777541792.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1-1ubuntu2.1~18.04.23+tuxcare.els8

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777541792.json"