
23283 matches found

Tenable Nessus
added 2026/01/28 12:0 a.m., 17 views

RHEL 9 : openssl (RHSA-2026:1473)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1473 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

CVSS 8.8, AI score 7.4, EPSS 0.45854
Exploits 7, References 26

Tenable Nessus
added 2026/01/28 12:0 a.m., 10 views

RHEL 10 : openssl (RHSA-2026:1472)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1472 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

CVSS 8.8, AI score 7.4, EPSS 0.45854
Exploits 7, References 26

OpenVAS
added 2026/01/28 12:0 a.m., 14 views

Debian: Security Advisory (DSA-6113-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 5.2, EPSS 0.45854
Exploits 7, References 2

OSV
added 2026/01/27 9:30 p.m., 5 views

USN-7980-2 openssl, openssl1.0 vulnerabilities

USN-7980-2 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for CVE-2025-68160 for openssl and openssl1.0, CVE-2025-69418 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, CVE-2025-69419 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, CVE-2025-69420 for...

CVSS 7.5, AI score 6.7, EPSS 0.00844
Exploits 1, References 8

Ubuntu
added 2026/01/27 9:30 p.m., 9 views

USN-7980-2: OpenSSL vulnerabilities

USN-7980-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for CVE-2025-68160 for openssl and openssl1.0, CVE-2025-69418 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, CVE-2025-69419 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, CVE-2025-69420 for...

CVSS 7.5, AI score 5.5, EPSS 0.00844
Exploits 1

Debian
added 2026/01/27 7:47 p.m., 13 views

[SECURITY] [DSA 6113-1] openssl security update

Debian Security Advisory DSA-6113-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 27, 2026 https://www.debian.org/security/faq -...

CVSS 8.8, AI score 6, EPSS 0.45854
Exploits 7

OSV
added 2026/01/27 6:10 p.m., 6 views

USN-7980-1 openssl vulnerabilities

Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-11187...

CVSS 8.8, AI score 6.9, EPSS 0.45854
Exploits 7, References 13

Ubuntu
added 2026/01/27 6:10 p.m., 12 views

USN-7980-1: OpenSSL vulnerabilities

Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-11187...

CVSS 8.8, AI score 5.4, EPSS 0.45854
Exploits 7

Snyk
added 2026/01/27 4:49 p.m., 3 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow or null pointer dereference in pkcs12/p12_mutl.c. If a user can be convinced to process a malicious PKCS12 file, malicious keylength or salt values can be used to cause a crash. Subsequently, in the case of...

CVSS 7.5, AI score 5.9, EPSS 0.00515
Exploits 1, References 2

Snyk
added 2026/01/27 4:49 p.m., 3 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value. up to 22 MiB when allocating buffers for CompressedCertificate messages on a TLS 1.3 connection with certificate compression. An attacker can cause service degradation or resource exhaustion...

CVSS 6, AI score 5.9, EPSS 0.00403
Exploits 1, References 2

Snyk
added 2026/01/27 4:49 p.m., 3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the non-default BIO_f_linebuffer filter. An attacker who can cause writes of large, newline-free data to an application using this filter with a BIO chain that can short-write, may cause a crash. This data is unlike...

CVSS 6.2, AI score 5.9, EPSS 0.00152
Exploits 1, References 2

Snyk
added 2026/01/27 4:49 p.m., 6 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow when parsing a CMS AuthEnvelopedData message. An attacker can trigger a crash by supplying AEAD ciphers such as AES-GCM with malicious initialization vectors. These are encoded in the ASN.1 parameters and...

CVSS 9.8, AI score 5.8, EPSS 0.45854
Exploits 7, References 2

Snyk
added 2026/01/27 4:49 p.m., 3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the openssl dgst command-line tool, which silently truncates input data to 16MB when using one-shot signing algorithms. Signatures for payloads larger than 16MB may appear to be valid...

CVSS 6.3, AI score 5.9, EPSS 0.00176
Exploits 1, References 2

Snyk
added 2026/01/27 4:49 p.m., 4 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the OPENSSL_uni2utf8 function. If a user can be convinced to process a malicious PKCS12 file, the attacker can supply a BMPString UTF-16BE friendly name containing a non-ASCII BMP code point, which triggers...

CVSS 8.1, AI score 5.9, EPSS 0.00444
Exploits 1, References 2

Snyk
added 2026/01/27 4:49 p.m., 6 views

Type Confusion

Overview Affected versions of this package are vulnerable to Type Confusion in the TS_RESP_verify_response function. An ASN1_TYPE union member is accessed without first validating the type, causing an invalid or null pointer dereference when processing a malformed TimeStamp Response file. An attacker...

CVSS 8.2, AI score 5.9, EPSS 0.00768
Exploits 1, References 2

Snyk
added 2026/01/27 4:49 p.m., 3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference when processing QUIC data in the SSL_CIPHER_find function. An attacker can interrupt service by sending an unknown or unsupported cipher ID. Remediation Upgrade openssl to version 3.3.6, 3.4.4, 3.5.5, 3.6.1 or...

CVSS 8.2, AI score 5.9, EPSS 0.00748
Exploits 1, References 2

Snyk
added 2026/01/27 4:49 p.m., 5 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step that exposes the final 1-15 bytes of a message when the low-level OCB API is used directly with AES-NI or other hardware accelerated code paths. Common implementations of openssl using EVP are not vulnerable...

CVSS 6.3, AI score 5.9, EPSS 0.00115
Exploits 1, References 2

Snyk
added 2026/01/27 4:49 p.m., 5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the PKCS12_item_decrypt_d2i_ex function, when processing a malformed PKCS12 file. An attacker who can supply such a file to a vulnerable application can cause denial of service. There is no evidence that this can...

CVSS 8.2, AI score 6, EPSS 0.00844
Exploits 1, References 2

Snyk
added 2026/01/27 4:49 p.m., 4 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions causing an invalid read of a single byte. An attacker who can convince an application to accept and process an untrusted PKCS12 file can cause denial of service. Remediation Upgrade...

CVSS 7.1, AI score 5.9, EPSS 0.00261
Exploits 1, References 2

Snyk
added 2026/01/27 4:46 p.m., 6 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the signature verification in the PKCS7_digest_from_attributes function. An attacker can cause a denial of service by triggering NULL pointer dereference with malformed PKCS7 data...

CVSS 6.9, AI score 5.9, EPSS 0.00502
Exploits 1, References 2