46 matches found
JLSEC-2026-264 Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code...
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
Sigstore Timestamp Authority Security Vulnerability
Sigstore Timestamp Authority is an open-source RFC3161 timestamp authorization software developed by sigstore. Versions of Sigstore Timestamp Authority 2.0.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from issues with the VerifyTimestampResponse function, which...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...
K000160560: OpenSSL vulnerability CVE-2025-69420
Security Advisory Description Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Respons...
Amazon Linux 2 : openssl, --advisory ALAS2-2026-3168 (ALAS-2026-3168)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3168 advisory. Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writ...
Important: openssl11
Issue Overview: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. CVE-2025-68160 When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths,...
Siemens SIMATIC S7-1500 Improper Check for Unusual or Exceptional Conditions (CVE-2025-69420)
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-005342)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005342 advisory. Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating...
SUSE CVE-2025-69420
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
openssl: OpenSSL: Denial of Service via malformed TimeStamp Response
A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies...
openssl: OpenSSL: Denial of Service via malformed TimeStamp Response
A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies...
AlmaLinux 10 : openssl (ALSA-2026:1472)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1472 advisory. openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187 openssl: OpenSSL: Remote code execution or...
AZL-75585 CVE-2025-69420 affecting package openssl for versions less than 1.1.1k-38
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
AZL-75269 CVE-2025-69420 affecting package openssl for versions less than 3.3.5-3
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
CVE-2025-69420
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
CVE-2025-69420 Missing ASN1_TYPE validation in TS_RESP_verify_response() function
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
CVE-2025-69420 Missing ASN1_TYPE validation in TS_RESP_verify_response() function
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
CVE-2025-69420
CVE-2025-69420 is an OpenSSL vulnerability: a type confusion in the TimeStamp Response verification path (TS_RESP_verify_response) where an ASN1_TYPE union member is used without type validation, enabling a NULL dereference and Denial of Service. OpenSSL 3.0, 3.3, 3.4, 3.5, 3.6 and 1.1.1 are list...
EUVD-2025-206394
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...