2 matches found
Security Bulletin: IBM i is affected by multiple vulnerabilities in OpenSSL
Summary OpenSSL for IBM i is vulnerable to heap-based out-of-bounds write when parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters CVE-2025-15467, writing large, newline-free data into a BIO chain CVE-2025-68160, or calling PKCS12getfriendlyname functio...
Important: openssl11
Issue Overview: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. CVE-2025-68160 When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths,...