OpenSSL 1.0.2 < 1.0.2zm Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2zm. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zm advisory. - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : OpenSSL vulnerabilities (USN-7786-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7786-1 advisory. Stanislav Fort discovered that OpenSSL incorrectly handled memory when trying to...
Linux Distros Unpatched Vulnerability : CVE-2025-9232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the...
Linux Distros Unpatched Vulnerability : CVE-2025-9231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM...
Debian dsa-6015 : libcrypto3-udeb - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6015 advisory. Debian Security Advisory DSA-6015-1...
OpenSSL 3.2.0 < 3.2.6 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.2.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.2.6 advisory. - Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm...
DSA-6015-1 openssl - security update
Bulletin has no description...
OpenSSL Timing Side-Channel Vulnerability (20250930, CVE-2025-9231) - Linux
OpenSSL is prone to a timing side-channel vulnerability in the SM2 algorithm on 64 bit ARM. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
OpenSSL Timing Side-Channel Vulnerability (20250930, CVE-2025-9231) - Windows
OpenSSL is prone to a timing side-channel vulnerability in the SM2 algorithm on 64 bit ARM. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
OpenSSL DoS Vulnerability (20250930, CVE-2025-9232) - Windows
OpenSSL is prone to a denial of service (DoS) vulnerability due to an out-of-bounds read in HTTP client noproxy handling. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
OpenSSL DoS Vulnerability (20250930, CVE-2025-9232) - Linux
OpenSSL is prone to a denial of service (DoS) vulnerability due to an out-of-bounds read in HTTP client noproxy handling. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
OpenSSL DoS Vulnerability (20250930, CVE-2025-9230) - Windows
OpenSSL is prone to a denial of service (DoS) vulnerability due to an out-of-bounds read & write in RFC 3211 KEK Unwrap. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
OpenSSL DoS Vulnerability (20250930, CVE-2025-9230) - Linux
OpenSSL is prone to a denial of service (DoS) vulnerability due to an out-of-bounds read & write in RFC 3211 KEK Unwrap. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via SM2 algorithm implementation on 64 bit ARM platforms. An attacker can recover private keys by performing high-precision timing measurements in a specialized attack setup. Note: Since OpenSSL does not directly support...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the kek_unwrap_key function. An attacker can cause application instability, crash, or potentially execute arbitrary code by sending CMS messages encrypted using password based encryption to trigger out-of-bounds...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to a missing NULL byte termination after strncpy call. An attacker can cause a crash and disrupt application availability by triggering an out-of-bounds read if API functions of OpenSSL HTTP client are used while...
Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...
SUSE-SU-2025:03443-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232)...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...
SUSE-SU-2025:03442-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232)...