
14 matches found

RedhatCVE
added 4 hours ago, 5 views

CVE-2026-34182

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

7.4 CVSS, 5.5 AI score
Exploits 0, References 3

Vulnrichment
added yesterday, 3 views

CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.4 AI score
Exploits 0, References 6

Positive Technologies
added yesterday, 7 views

PT-2026-47831

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.5 AI score
Exploits 0, References 7

OSV
added 2026/02/18 4:23 p.m., 3 views

SUSE-SU-2026:20607-1 Security update for openssl-3-livepatches

This update for openssl-3-livepatches fixes the following issues: - CVE-2025-11187: Fixed improper validation of PBMAC1 parameters in PKCS12 MAC verification bsc1256878. - CVE-2025-15467: Fixed stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256876. - CVE-2025-15468: Fixed NULL...

8.8 CVSS, 6.5 AI score, 0.02889 EPSS
Exploits 7, References 9

OSV
added 2026/02/06 3:57 p.m., 3 views

OESA-2026-1312 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

8.8 CVSS, 6.4 AI score, 0.02889 EPSS
Exploits 7, References 2

GithubExploit
added 2026/01/30 12:4 a.m., 216 views

Exploit for CVE-2025-15467

CVE-2025-15467: OpenSSL CMS AuthEnvelopedData Stack Buffer Ove...

9.8 CVSS, 6.3 AI score, 0.02889 EPSS
Exploits 7

Ubuntu
added 2026/01/27 6:10 p.m., 9 views

USN-7980-1: OpenSSL vulnerabilities

Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-11187...

8.8 CVSS, 5.4 AI score, 0.02889 EPSS
Exploits 7

OSV
added 2026/01/27 4:16 p.m., 6 views

ALPINE-CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

8.8 CVSS, 8.8 AI score, 0.02889 EPSS
Exploits 7, References 1

Cvelist
added 2026/01/27 4:1 p.m., 20 views

CVE-2025-15467 Stack buffer overflow in CMS (Auth)EnvelopedData parsing

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

0.02889 EPSS
Exploits 7, References 6

Debian CVE
added 2026/01/27 4:1 p.m., 13 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

8.8 CVSS, 8.1 AI score, 0.02889 EPSS
Exploits 7

ATTACKERKB
added 2026/01/27 4:1 p.m., 19 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

8.8 CVSS, 8.5 AI score, 0.02889 EPSS
Exploits 7, References 7, Affected Software 1

CVE
added 2026/01/27 4:1 p.m., 328 views

CVE-2025-15467

CVE-2025-15467 affects OpenSSL 3.x (3.0–3.6); parsing CMS AuthEnvelopedData with AEAD ciphers (e.g., AES-GCM) can overflow a fixed-size stack buffer when the ASN.1 IV is oversized. This leads to a stack-based write before authentication, causing Denial of Service and potentially remote code execu...

8.8 CVSS, 8.8 AI score, 0.02889 EPSS
Exploits 7, References 10, Affected Software 1

Tenable Nessus
added 2026/01/27 12:0 a.m., 0 views

Linux Distros Unpatched Vulnerability : CVE-2025-15467

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

8.8 CVSS, 8 AI score, 0.02889 EPSS
Exploits 7, References 2

CNNVD
added 2026/01/27 12:0 a.m., 3 views

OpenSSL security vulnerabilities

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

8.8 CVSS, 7.1 AI score, 0.02889 EPSS
Exploits 7, References 10