Filtered by vendor Ribose
Subscriptions
Filtered by product Rnp
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13470 | 1 Ribose | 1 Rnp | 2025-11-24 | 7.5 High |
| In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release can be decrypted trivially by supplying an all-zero session key, fully compromising confidentiality. The vulnerability affects only public key encryption (PKESK packets). Passphrase-based encryption (SKESK packets) is not affected. Root cause: Vulnerable session key buffer used in PKESK packet generation. The defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization logic inside `encrypted_build_skesk()` only randomized the key for the SKESK path and omitted it for the PKESK path. | ||||
| CVE-2023-29479 | 2 Redhat, Ribose | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-11-21 | 5.3 Medium |
| Ribose RNP before 0.16.3 may hang when the input is malformed. | ||||
| CVE-2021-33589 | 1 Ribose | 1 Rnp | 2025-02-04 | 7.5 High |
| Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm. | ||||
| CVE-2023-29480 | 1 Ribose | 1 Rnp | 2025-02-04 | 7.5 High |
| Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. | ||||
Page 1 of 1.