CVE-2026-4733
Received - Intake
Exposure of Sensitive Data in ixray-1.6-stcop Before

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3.
Meta Information
Published: 2026-03-24
Last Modified: 2026-03-24
Generated: 2026-05-07
AI Q&A: 2026-03-24
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
ixray-team | ixray-1.6-stcop | to 1.3 (exc)
CWE ID | Description
CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in ixray-1.6-stcop is related to a memory leak issue when parsing ASN.1 combined structures such as PKCS#7 or CMS data. The problem arises because, on error, a pointer to the parent structure is incorrectly zeroed, causing additional components in the parent structure to be leaked. This issue stems from the project using a cloned OpenSSL file that did not receive a critical security patch addressing this problem.

The vulnerability corresponds to CVE-2015-3195 in the original OpenSSL project and was fixed by applying a patch that prevents zeroing the parent pointer on error, thereby eliminating the memory leak.


How can this vulnerability impact me?

This vulnerability can lead to a memory leak during the parsing of certain cryptographic data structures. While it does not directly compromise confidentiality, integrity, or availability of data, the memory leak could potentially be exploited to degrade system performance or cause denial of service by exhausting memory resources.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is related to a memory leak in the ixray-1.6-stcop project when parsing ASN.1 combined structures such as PKCS#7 or CMS data. Detection would involve identifying if the vulnerable version of ixray-1.6-stcop (before 1.3) is in use and if it processes such ASN.1 data.

No specific detection commands or network/system scanning commands are provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade ixray-1.6-stcop to version 1.3 or later, where the fix for this vulnerability has been applied.

The fix involves applying a patch from OpenSSL that prevents the memory leak by correctly handling the parent pointer during ASN.1 decoding errors.

