Description
openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key and invoking C_WrapKey. This can lead to heap corruption, or denial-of-service.
Published: 2026-01-13
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out‑of‑bounds writes that can corrupt the heap, leading to denial of service
Action: Patch
AI Analysis

Impact

openCryptoki, versions 3.25.0 and 3.26.0, includes a heap buffer overflow in the CKM_ECDH_AES_KEY_WRAP implementation of C_WrapKey. When an attacker supplies a compressed elliptic‑curve public key and invokes C_WrapKey, the library calculates an incorrect buffer size, causing out‑of‑bounds writes on the heap. This corruption can destabilize the affected process and may be exploited to crash the host application, which results in a denial‑of‑service scenario.

Affected Systems

The vulnerability applies to the opencryptoki project’s opencryptoki library on Linux and AIX. Affected binaries are version 3.25.0 and 3.26.0. No other releases are impacted in the current data set.

Risk and Exploitability

The CVSS base score is 6.6, indicating moderate severity. The EPSS score is below 1%, representing a very low expected exploitation probability at present. The flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. Because the bug manifests when a local process invokes C_WrapKey with a crafted key, the attack vector is local privilege, and an attacker would need code execution or the ability to influence the key input for a running process that uses this library. If such conditions are met, the out‑of‑bounds write could corrupt heap structures and crash the application.

Generated by OpenCVE AI on April 18, 2026 at 06:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade opencryptoki to the latest release that includes the buffer‑size fix, or apply the vendor patches identified in the official advisories.
  • If upgrading is not immediately possible, rebuild the library from source with the patched code committed in the vendor repository to ensure correct buffer size handling.
  • When a rapid fix is unavailable, disable or avoid the CKM_ECDH_AES_KEY_WRAP mechanism in your applications, or terminate processes that rely on it until a patched version is deployed.

Generated by OpenCVE AI on April 18, 2026 at 06:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 03 Feb 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:opencryptoki_project:opencryptoki:3.25.0:*:*:*:*:*:*:*
cpe:2.3:a:opencryptoki_project:opencryptoki:3.26.0:*:*:*:*:*:*:*

Thu, 15 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 14 Jan 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Ibm
Ibm aix
Linux
Linux linux
Opencryptoki Project
Opencryptoki Project opencryptoki
Vendors & Products Ibm
Ibm aix
Linux
Linux linux
Opencryptoki Project
Opencryptoki Project opencryptoki

Tue, 13 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 13 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Description openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key and invoking C_WrapKey. This can lead to heap corruption, or denial-of-service.
Title openCryptoki incorrectly calculates the buffer size in C_WrapKey with CKM_ECDH_AES_KEY_WRAP
Weaknesses CWE-131
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H'}

Subscriptions

Ibm Aix
Linux Linux
Opencryptoki Project Opencryptoki
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-13T19:44:53.120Z

Reserved: 2026-01-09T18:27:19.388Z

Link: CVE-2026-22791

cve-icon Vulnrichment

Updated: 2026-01-13T19:44:48.684Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-13T19:16:26.710

Modified: 2026-02-03T18:47:15.253

Link: CVE-2026-22791

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-01-13T19:06:41Z

Links: CVE-2026-22791 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T06:45:23Z

Weaknesses