Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-2627)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.13.1 : openssl (EulerOS-SA-2025-2627)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bound...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2025-2468)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

EulerOS 2.0 SP13 : openssl (EulerOS-SA-2025-2527)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

EulerOS 2.0 SP13 : openssl (EulerOS-SA-2025-2506)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

TencentOS Server 4: edk2 (TSSA-2025:0850)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0850 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Astra Linux – Vulnerability in OpenSSL

Issue summary: An application attempting to decrypt messages encrypted using password-based encryption in CMS can trigger an out-of-bounds read and write attack. Impact summary: This out-of-bounds read attack may cause a system crash, leading to a denial of service for the application. The...

OESA-2025-2506 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary:...

Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2025-1225)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1225 advisory. Issue summary: An application trying to decrypt CMS messages encrypted usingpassword based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may...

Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2025-008 (ALASOPENSSL-SNAPSAFE-2025-008)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2OPENSSL-SNAPSAFE-2025-008 advisory. Issue summary: An application trying to decrypt CMS messages encrypted usingpassword based encryption can...

EUVD-2019-10120

Malware in sbrugna...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : OpenSSL vulnerabilities (USN-7786-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7786-1 advisory. Stanislav Fort discovered that OpenSSL incorrectly handled memory when trying to...

USN-7786-1 openssl, openssl1.0 vulnerabilities

Stanislav Fort discovered that OpenSSL incorrectly handled memory when trying to decrypt CMS messages encrypted with password-based encryption. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2025-9230 Stanislav Fort discovered that OpenSSL ha...

CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

CVE-2025-9230 Out-of-bounds read & write in RFC 3211 KEK Unwrap

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

FreeBSD Security Advisory - FreeBSD-SA-25:08.openssl

FreeBSD Security Advisory - FreeBSD includes software from the OpenSSL Project. OpenSSL suffers from some new vulnerabilities. An application trying to decrypt cryptographic message syntax CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. A timing...

OpenSSL 3.0.0 < 3.0.18 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.18. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.18 advisory. - Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy'...

OpenSSL 安全漏洞

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a wide range of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...