VDB
JLSEC-2026-256
JLSEC-2026-256
PUBLISHED
CVSS 8.800000190734863 HIGH
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can...
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | OpenSSL_jll | 3.0.8+0, 3.5.0+0, 3.0.8+0 |
| Julia | Openresty_jll | 1.27.1+0, 1.27.1+0 |
Timeline
- Apr 27, 2026 CVE Published
- Apr 27, 2026 CVE Updated
References
- http://www.openwall.com/lists/oss-security/2026/01/27/10 url
- http://www.openwall.com/lists/oss-security/2026/02/25/6 url
- https://github.com/advisories/GHSA-wvhq-3h88-rf6g url
- https://github.com/guiimoraes/CVE-2025-15467 url
- https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703 url
- https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9 url
- https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3 url
- https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e url
- https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc url
- https://nvd.nist.gov/vuln/detail/CVE-2025-15467 url
- https://openssl-library.org/news/secadv/20260127.txt url