Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-15467 (GCVE-0-2025-15467)
Vulnerability from cvelistv5 – Published: 2026-01-27 16:01 – Updated: 2026-01-29 14:50
VLAI?
EPSS
Title
Stack buffer overflow in CMS AuthEnvelopedData parsing
Summary
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously
crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as
AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is
copied into a fixed-size stack buffer without verifying that its length fits
the destination. An attacker can supply a crafted CMS message with an
oversized IV, causing a stack-based out-of-bounds write before any
authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using
AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.
Because the overflow occurs prior to authentication, no valid key material
is required to trigger it. While exploitability to remote code execution
depends on platform and toolchain mitigations, the stack-based write
primitive represents a severe risk.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Stanislav Fort (Aisle Research)
Igor Ustinov
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-27T22:04:24.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/27/10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-15467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T14:50:31.874299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T14:50:58.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.1",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.4",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.19",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Igor Ustinov"
}
],
"datePublic": "2026-01-27T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\u003cbr\u003ecrafted AEAD parameters can trigger a stack buffer overflow.\u003cbr\u003e\u003cbr\u003eImpact summary: A stack buffer overflow may lead to a crash, causing Denial\u003cbr\u003eof Service, or potentially remote code execution.\u003cbr\u003e\u003cbr\u003eWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\u003cbr\u003eAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\u003cbr\u003ecopied into a fixed-size stack buffer without verifying that its length fits\u003cbr\u003ethe destination. An attacker can supply a crafted CMS message with an\u003cbr\u003eoversized IV, causing a stack-based out-of-bounds write before any\u003cbr\u003eauthentication or tag verification occurs.\u003cbr\u003e\u003cbr\u003eApplications and services that parse untrusted CMS or PKCS#7 content using\u003cbr\u003eAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\u003cbr\u003eBecause the overflow occurs prior to authentication, no valid key material\u003cbr\u003eis required to trigger it. While exploitability to remote code execution\u003cbr\u003edepends on platform and toolchain mitigations, the stack-based write\u003cbr\u003eprimitive represents a severe risk.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the CMS implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.1.1 and 1.0.2 are not affected by this issue."
}
],
"value": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "High"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T16:01:19.922Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"name": "3.6.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703"
},
{
"name": "3.5.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc"
},
{
"name": "3.4.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3"
},
{
"name": "3.3.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9"
},
{
"name": "3.0.19 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack buffer overflow in CMS AuthEnvelopedData parsing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-15467",
"datePublished": "2026-01-27T16:01:19.922Z",
"dateReserved": "2026-01-06T09:26:41.631Z",
"dateUpdated": "2026-01-29T14:50:58.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-15467\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2026-01-27T16:16:14.257\",\"lastModified\":\"2026-02-02T18:38:55.073\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\\ncrafted AEAD parameters can trigger a stack buffer overflow.\\n\\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\\nof Service, or potentially remote code execution.\\n\\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\\ncopied into a fixed-size stack buffer without verifying that its length fits\\nthe destination. An attacker can supply a crafted CMS message with an\\noversized IV, causing a stack-based out-of-bounds write before any\\nauthentication or tag verification occurs.\\n\\nApplications and services that parse untrusted CMS or PKCS#7 content using\\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\\nBecause the overflow occurs prior to authentication, no valid key material\\nis required to trigger it. While exploitability to remote code execution\\ndepends on platform and toolchain mitigations, the stack-based write\\nprimitive represents a severe risk.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\\nissue, as the CMS implementation is outside the OpenSSL FIPS module\\nboundary.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\\n\\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.19\",\"matchCriteriaId\":\"C76C5F55-5243-4461-82F5-2FEBFF4D59FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndExcluding\":\"3.3.6\",\"matchCriteriaId\":\"F5292E9E-6B50-409F-9219-7B0A04047AD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.4\",\"matchCriteriaId\":\"B9D3DCAE-317D-4DFB-93F0-7A235A229619\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.5\",\"matchCriteriaId\":\"1CAC7CBE-EC03-4089-938A-0CEEB2E09B62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.1\",\"matchCriteriaId\":\"68352537-5E99-4F4D-B78A-BCF0353A70A5\"}]}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://openssl-library.org/news/secadv/20260127.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/01/27/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/01/27/10\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-01-27T22:04:24.790Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-15467\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-29T14:50:31.874299Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-29T14:50:51.477Z\"}}], \"cna\": {\"title\": \"Stack buffer overflow in CMS AuthEnvelopedData parsing\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Stanislav Fort (Aisle Research)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Igor Ustinov\"}], \"metrics\": [{\"other\": {\"type\": \"https://openssl-library.org/policies/general/security-policy/\", \"content\": {\"text\": \"High\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.6.0\", \"lessThan\": \"3.6.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.5.0\", \"lessThan\": \"3.5.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"lessThan\": \"3.3.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.19\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-01-27T14:00:00.000Z\", \"references\": [{\"url\": \"https://openssl-library.org/news/secadv/20260127.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703\", \"name\": \"3.6.1 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc\", \"name\": \"3.5.5 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3\", \"name\": \"3.4.4 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9\", \"name\": \"3.3.6 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e\", \"name\": \"3.0.19 git commit\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\\ncrafted AEAD parameters can trigger a stack buffer overflow.\\n\\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\\nof Service, or potentially remote code execution.\\n\\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\\ncopied into a fixed-size stack buffer without verifying that its length fits\\nthe destination. An attacker can supply a crafted CMS message with an\\noversized IV, causing a stack-based out-of-bounds write before any\\nauthentication or tag verification occurs.\\n\\nApplications and services that parse untrusted CMS or PKCS#7 content using\\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\\nBecause the overflow occurs prior to authentication, no valid key material\\nis required to trigger it. While exploitability to remote code execution\\ndepends on platform and toolchain mitigations, the stack-based write\\nprimitive represents a severe risk.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\\nissue, as the CMS implementation is outside the OpenSSL FIPS module\\nboundary.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\\n\\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\u003cbr\u003ecrafted AEAD parameters can trigger a stack buffer overflow.\u003cbr\u003e\u003cbr\u003eImpact summary: A stack buffer overflow may lead to a crash, causing Denial\u003cbr\u003eof Service, or potentially remote code execution.\u003cbr\u003e\u003cbr\u003eWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\u003cbr\u003eAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\u003cbr\u003ecopied into a fixed-size stack buffer without verifying that its length fits\u003cbr\u003ethe destination. An attacker can supply a crafted CMS message with an\u003cbr\u003eoversized IV, causing a stack-based out-of-bounds write before any\u003cbr\u003eauthentication or tag verification occurs.\u003cbr\u003e\u003cbr\u003eApplications and services that parse untrusted CMS or PKCS#7 content using\u003cbr\u003eAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\u003cbr\u003eBecause the overflow occurs prior to authentication, no valid key material\u003cbr\u003eis required to trigger it. While exploitability to remote code execution\u003cbr\u003edepends on platform and toolchain mitigations, the stack-based write\u003cbr\u003eprimitive represents a severe risk.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the CMS implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2026-01-27T16:01:19.922Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-15467\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-29T14:50:58.363Z\", \"dateReserved\": \"2026-01-06T09:26:41.631Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2026-01-27T16:01:19.922Z\", \"assignerShortName\": \"openssl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:2072
Vulnerability from csaf_redhat - Published: 2026-02-11 04:49 - Updated: 2026-02-11 07:22Summary
Red Hat Security Advisory: OpenShift Container Platform 4.18.33 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.18.33 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.18.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.18.33. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2026:2071
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/
Security Fix(es):
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
* glib: Integer overflow in in g_escape_uri_string() (CVE-2025-13601)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.18.33 is now available with updates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.18.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.18.33. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2026:2071\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n* glib: Integer overflow in in g_escape_uri_string() (CVE-2025-13601)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2072",
"url": "https://access.redhat.com/errata/RHSA-2026:2072"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416741"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2072.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.18.33 bug fix and security update",
"tracking": {
"current_release_date": "2026-02-11T07:22:32+00:00",
"generator": {
"date": "2026-02-11T07:22:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2072",
"initial_release_date": "2026-02-11T04:49:09+00:00",
"revision_history": [
{
"date": "2026-02-11T04:49:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T04:49:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T07:22:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.18",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-418.94.202602022246-0",
"product": {
"name": "rhcos-aarch64-418.94.202602022246-0",
"product_id": "rhcos-aarch64-418.94.202602022246-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202602022246?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-418.94.202602022246-0",
"product": {
"name": "rhcos-ppc64le-418.94.202602022246-0",
"product_id": "rhcos-ppc64le-418.94.202602022246-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202602022246?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-418.94.202602022246-0",
"product": {
"name": "rhcos-s390x-418.94.202602022246-0",
"product_id": "rhcos-s390x-418.94.202602022246-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202602022246?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-418.94.202602022246-0",
"product": {
"name": "rhcos-x86_64-418.94.202602022246-0",
"product_id": "rhcos-x86_64-418.94.202602022246-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202602022246?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-418.94.202602022246-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0"
},
"product_reference": "rhcos-aarch64-418.94.202602022246-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-418.94.202602022246-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0"
},
"product_reference": "rhcos-ppc64le-418.94.202602022246-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-418.94.202602022246-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0"
},
"product_reference": "rhcos-s390x-418.94.202602022246-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-418.94.202602022246-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
},
"product_reference": "rhcos-x86_64-418.94.202602022246-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13601",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-11-24T12:49:28.274000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416741"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: Integer overflow in in g_escape_uri_string()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13601"
},
{
"category": "external",
"summary": "RHBZ#2416741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3827",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3827"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914",
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914"
}
],
"release_date": "2025-11-24T13:00:15.295000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T04:49:09+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is {x864_DIGEST}\n\n (For s390x architecture)\n The image digest is {s390x_DIGEST}\n\n (For ppc64le architecture)\n The image digest is {ppc64le_DIGEST}\n\n (For aarch64 architecture)\n The image digest is {aarch64_DIGEST}\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2072"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glib: Integer overflow in in g_escape_uri_string()"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T04:49:09+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is {x864_DIGEST}\n\n (For s390x architecture)\n The image digest is {s390x_DIGEST}\n\n (For ppc64le architecture)\n The image digest is {ppc64le_DIGEST}\n\n (For aarch64 architecture)\n The image digest is {aarch64_DIGEST}\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2072"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T04:49:09+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is {x864_DIGEST}\n\n (For s390x architecture)\n The image digest is {s390x_DIGEST}\n\n (For ppc64le architecture)\n The image digest is {ppc64le_DIGEST}\n\n (For aarch64 architecture)\n The image digest is {aarch64_DIGEST}\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2072"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:2485
Vulnerability from csaf_redhat - Published: 2026-02-10 20:29 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: Insights proxy Container Image
Notes
Topic
Initial GA Release of Red Hat Insights proxy
Details
The Insights proxy Container is used by the Insights proxy product RPM
and serves as an intermediary between cystomer systems in disconnected networks,
air-gapped systems or systems with no outside connections and Insights.
The Insights proxy routes all Red Hat Insights traffic through itself, providing
a layer of privary and security for disconnected customer systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Initial GA Release of Red Hat Insights proxy",
"title": "Topic"
},
{
"category": "general",
"text": "The Insights proxy Container is used by the Insights proxy product RPM\nand serves as an intermediary between cystomer systems in disconnected networks,\nair-gapped systems or systems with no outside connections and Insights.\n\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing\na layer of privary and security for disconnected customer systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2485",
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-11187",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13601",
"url": "https://access.redhat.com/security/cve/CVE-2025-13601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14104",
"url": "https://access.redhat.com/security/cve/CVE-2025-14104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15467",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15468",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15469",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66199",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68160",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68973",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69418",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69419",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69420",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69421",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9086",
"url": "https://access.redhat.com/security/cve/CVE-2025-9086"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22795",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22796",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2485.json"
}
],
"title": "Red Hat Security Advisory: Insights proxy Container Image",
"tracking": {
"current_release_date": "2026-02-11T04:49:50+00:00",
"generator": {
"date": "2026-02-11T04:49:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2485",
"initial_release_date": "2026-02-10T20:29:13+00:00",
"revision_history": [
{
"date": "2026-02-10T20:29:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-10T20:29:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Insights proxy 1.5",
"product": {
"name": "Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Insights proxy"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3Aab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1770740405"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1770740405"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-12T06:01:02.244669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394750"
}
],
"notes": [
{
"category": "description",
"text": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: libcurl: Curl out of bounds read for cookie path",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9086"
},
{
"category": "external",
"summary": "RHBZ#2394750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2025-9086.html",
"url": "https://curl.se/docs/CVE-2025-9086.html"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2025-9086.json",
"url": "https://curl.se/docs/CVE-2025-9086.json"
},
{
"category": "external",
"summary": "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6",
"url": "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3294999",
"url": "https://hackerone.com/reports/3294999"
}
],
"release_date": "2025-09-12T05:10:03.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: libcurl: Curl out of bounds read for cookie path"
},
{
"cve": "CVE-2025-11187",
"cwe": {
"id": "CWE-233",
"name": "Improper Handling of Parameters"
},
"discovery_date": "2026-01-16T14:21:50.559000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430375"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. It affects OpenSSL versions 3.6, 3.5, and 3.4, where improper validation of PBMAC1 parameters in PKCS#12 MAC verification can lead to a stack buffer overflow or NULL pointer dereference. Exploitation requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files are typically trusted. OpenSSL versions 3.3, 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "RHBZ#2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted PKCS#12 files. Applications should only handle PKCS#12 files from trusted sources, as these files are typically used for storing private keys and are expected to be secure.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file"
},
{
"cve": "CVE-2025-13601",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-11-24T12:49:28.274000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416741"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: Integer overflow in in g_escape_uri_string()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13601"
},
{
"category": "external",
"summary": "RHBZ#2416741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3827",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3827"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914",
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914"
}
],
"release_date": "2025-11-24T13:00:15.295000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glib: Integer overflow in in g_escape_uri_string()"
},
{
"cve": "CVE-2025-14104",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-05T14:16:36.004000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419369"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14104"
},
{
"category": "external",
"summary": "RHBZ#2419369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104"
}
],
"release_date": "2025-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-15468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:51.062000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430377"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The NULL pointer dereference in the `SSL_CIPHER_find()` function, affecting OpenSSL versions 3.3, 3.4, 3.5, and 3.6, occurs only when applications utilizing the QUIC protocol uncommonly invoke this function from the `client_hello_cb` callback with an unknown cipher ID. This specific usage pattern and the resulting Denial of Service limit the overall impact in the Red Hat context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "RHBZ#2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling"
},
{
"cve": "CVE-2025-15469",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-16T14:21:51.411000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The flaw affects the `openssl dgst` command-line tool when used with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) on files larger than 16MB. Impact is limited as it requires both signing and verification to be performed using the affected command, and verifiers using library APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "RHBZ#2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `openssl dgst` command with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) for files larger than 16MB. Instead, utilize streaming digest algorithms with `openssl dgst` or use library APIs for signing and verification, as these are not affected by the truncation vulnerability. Users should ensure that input files for one-shot signing/verification with `openssl dgst` do not exceed 16MB.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation"
},
{
"cve": "CVE-2025-66199",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T14:21:51.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in OpenSSL 3.3, 3.4, 3.5, and 3.6 allows an attacker to cause excessive memory allocation during TLS 1.3 handshake with certificate compression, potentially leading to a Denial of Service. This affects both clients and servers in mutual TLS scenarios where certificate compression is negotiated. Servers not requesting client certificates are not vulnerable to client-initiated attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "RHBZ#2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the reception of compressed certificates by setting the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option in OpenSSL configurations. This will prevent the vulnerable code path from being exercised.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression"
},
{
"cve": "CVE-2025-68160",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-01-16T14:21:52.088000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430380"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The `BIO_f_linebuffer` filter, where this heap out-of-bounds write occurs, is not used by default in TLS/SSL data paths within Red Hat products. Exploitation requires third-party applications to explicitly use this filter with a BIO chain that can short-write and process large, newline-free data influenced by an attacker, which is an unlikely scenario under attacker control. Red Hat FIPS modules are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "RHBZ#2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter"
},
{
"cve": "CVE-2025-68973",
"cwe": {
"id": "CWE-675",
"name": "Multiple Operations on Resource in Single-Operation Context"
},
"discovery_date": "2025-12-28T17:00:44.161022+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in GnuPG\u0027s `armor_filter` function allows an attacker with local access to provide crafted input, potentially leading to information disclosure and arbitrary code execution due to an out-of-bounds write. Exploitation requires high attack complexity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "RHBZ#2425966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
"url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
},
{
"category": "external",
"summary": "https://gpg.fail/memcpy",
"url": "https://gpg.fail/memcpy"
},
{
"category": "external",
"summary": "https://news.ycombinator.com/item?id=46403200",
"url": "https://news.ycombinator.com/item?id=46403200"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/12/28/5",
"url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
}
],
"release_date": "2025-12-28T16:19:11.019000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG. Exercise caution when handling GnuPG-encrypted or signed data from unknown or suspicious sources, as specially crafted input could trigger the vulnerability. This operational control reduces the attack surface by limiting exposure to malicious data.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write"
},
{
"cve": "CVE-2025-69418",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-16T14:21:52.438000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, impact is limited because typical OpenSSL consumers using higher-level EVP APIs are not affected. The flaw only manifests when applications directly call low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in hardware-accelerated builds. Additionally, TLS does not use OCB ciphersuites, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "RHBZ#2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
},
{
"cve": "CVE-2025-69420",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.497000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the TimeStamp Response verification code can lead to a Denial of Service when processing a specially crafted TimeStamp Response. Exploitation requires an application to call `TS_RESP_verify_response()` with a malformed response, and the TimeStamp protocol (RFC 3161) is not widely used. Red Hat FIPS modules are not affected as the TimeStamp Response implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "RHBZ#2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response"
},
{
"cve": "CVE-2025-69421",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:53.845000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat because it requires an application to process a specially crafted, malformed PKCS#12 file, leading to a Denial of Service. The vulnerability is limited to a crash and cannot be escalated to achieve code execution or memory disclosure. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "RHBZ#2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing"
},
{
"cve": "CVE-2026-22795",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.146000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430389"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. An application processing a maliciously crafted PKCS#12 file can be caused to dereference an invalid or NULL pointer, resulting in a Denial of Service. In the Red Hat context, impact is limited as PKCS#12 files are typically used for trusted private keys and are not commonly accepted from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "RHBZ#2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing"
},
{
"cve": "CVE-2026-22796",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-16T14:43:21.598000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the legacy PKCS#7 API can lead to a Denial of Service when processing specially crafted PKCS#7 data. Exploitation requires an application to perform signature verification of malformed PKCS#7 data. Red Hat products utilizing the FIPS module are not affected as the PKCS#7 parsing is outside the module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "RHBZ#2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T20:29:13+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification"
}
]
}
RHSA-2026:1503
Vulnerability from csaf_redhat - Published: 2026-01-28 17:17 - Updated: 2026-02-11 07:19Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1503",
"url": "https://access.redhat.com/errata/RHSA-2026:1503"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1503.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-02-11T07:19:04+00:00",
"generator": {
"date": "2026-02-11T07:19:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1503",
"initial_release_date": "2026-01-28T17:17:47+00:00",
"revision_history": [
{
"date": "2026-01-28T17:17:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T17:17:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T07:19:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"product": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"product_id": "openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-7.el9_6.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"product": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"product_id": "openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-7.el9_6.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"product": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"product_id": "openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-7.el9_6.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"product_id": "openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-7.el9_6.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-7.el9_6.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.2.2-7.el9_6.2.aarch64",
"product": {
"name": "openssl-1:3.2.2-7.el9_6.2.aarch64",
"product_id": "openssl-1:3.2.2-7.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-7.el9_6.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"product": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"product_id": "openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-7.el9_6.2?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"product": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"product_id": "openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-7.el9_6.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"product": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"product_id": "openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-7.el9_6.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"product_id": "openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-7.el9_6.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"product_id": "openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-7.el9_6.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-7.el9_6.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.2.2-7.el9_6.2.ppc64le",
"product": {
"name": "openssl-1:3.2.2-7.el9_6.2.ppc64le",
"product_id": "openssl-1:3.2.2-7.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-7.el9_6.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"product": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"product_id": "openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-7.el9_6.2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-7.el9_6.2.i686",
"product": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.i686",
"product_id": "openssl-devel-1:3.2.2-7.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-7.el9_6.2?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"product": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"product_id": "openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-7.el9_6.2?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"product": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"product_id": "openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-7.el9_6.2?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"product_id": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-7.el9_6.2?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-7.el9_6.2.i686",
"product": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.i686",
"product_id": "openssl-libs-1:3.2.2-7.el9_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-7.el9_6.2?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"product": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"product_id": "openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-7.el9_6.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"product": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"product_id": "openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-7.el9_6.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"product": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"product_id": "openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-7.el9_6.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"product_id": "openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-7.el9_6.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-7.el9_6.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.2.2-7.el9_6.2.x86_64",
"product": {
"name": "openssl-1:3.2.2-7.el9_6.2.x86_64",
"product_id": "openssl-1:3.2.2-7.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-7.el9_6.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"product": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"product_id": "openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-7.el9_6.2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"product": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"product_id": "openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-7.el9_6.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"product": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"product_id": "openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-7.el9_6.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"product": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"product_id": "openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-7.el9_6.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"product": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"product_id": "openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-7.el9_6.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"product_id": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-7.el9_6.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.2.2-7.el9_6.2.s390x",
"product": {
"name": "openssl-1:3.2.2-7.el9_6.2.s390x",
"product_id": "openssl-1:3.2.2-7.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-7.el9_6.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"product": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"product_id": "openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-7.el9_6.2?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.2.2-7.el9_6.2.src",
"product": {
"name": "openssl-1:3.2.2-7.el9_6.2.src",
"product_id": "openssl-1:3.2.2-7.el9_6.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-7.el9_6.2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-7.el9_6.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src"
},
"product_reference": "openssl-1:3.2.2-7.el9_6.2.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686"
},
"product_reference": "openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686"
},
"product_reference": "openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686"
},
"product_reference": "openssl-devel-1:3.2.2-7.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686"
},
"product_reference": "openssl-libs-1:3.2.2-7.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-7.el9_6.2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src"
},
"product_reference": "openssl-1:3.2.2-7.el9_6.2.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686"
},
"product_reference": "openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686"
},
"product_reference": "openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686"
},
"product_reference": "openssl-devel-1:3.2.2-7.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686"
},
"product_reference": "openssl-libs-1:3.2.2-7.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64"
},
"product_reference": "openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le"
},
"product_reference": "openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x"
},
"product_reference": "openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-7.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64"
},
"product_reference": "openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64"
],
"known_not_affected": [
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T17:17:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1503"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64"
],
"known_not_affected": [
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T17:17:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1503"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.src",
"BaseOS-9.6.0.Z.EUS:openssl-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-debugsource-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-devel-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.i686",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-libs-debuginfo-1:3.2.2-7.el9_6.2.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-perl-1:3.2.2-7.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
}
]
}
RHSA-2026:2077
Vulnerability from csaf_redhat - Published: 2026-02-11 04:41 - Updated: 2026-02-11 07:22Summary
Red Hat Security Advisory: OpenShift Container Platform 4.20.14 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.20.14 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.20.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.20.14. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHBA-2026:2076
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/
Security Fix(es):
* openssl: OpenSSL: Remote code execution or Denial of Service via
oversized Initialization Vector in CMS parsing (CVE-2025-15467)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.20 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.20.14 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.20.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.20.14. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2026:2076\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via\noversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2077",
"url": "https://access.redhat.com/errata/RHSA-2026:2077"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2077.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.20.14 bug fix and security update",
"tracking": {
"current_release_date": "2026-02-11T07:22:34+00:00",
"generator": {
"date": "2026-02-11T07:22:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2077",
"initial_release_date": "2026-02-11T04:41:05+00:00",
"revision_history": [
{
"date": "2026-02-11T04:41:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T04:41:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T07:22:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.20",
"product": {
"name": "Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.20::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-4.20.9.6.202602050328-0",
"product": {
"name": "rhcos-aarch64-4.20.9.6.202602050328-0",
"product_id": "rhcos-aarch64-4.20.9.6.202602050328-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202602050328?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-4.20.9.6.202602050328-0",
"product": {
"name": "rhcos-ppc64le-4.20.9.6.202602050328-0",
"product_id": "rhcos-ppc64le-4.20.9.6.202602050328-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202602050328?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-4.20.9.6.202602050328-0",
"product": {
"name": "rhcos-s390x-4.20.9.6.202602050328-0",
"product_id": "rhcos-s390x-4.20.9.6.202602050328-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202602050328?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-4.20.9.6.202602050328-0",
"product": {
"name": "rhcos-x86_64-4.20.9.6.202602050328-0",
"product_id": "rhcos-x86_64-4.20.9.6.202602050328-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202602050328?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-4.20.9.6.202602050328-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202602050328-0"
},
"product_reference": "rhcos-aarch64-4.20.9.6.202602050328-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-4.20.9.6.202602050328-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202602050328-0"
},
"product_reference": "rhcos-ppc64le-4.20.9.6.202602050328-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-4.20.9.6.202602050328-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202602050328-0"
},
"product_reference": "rhcos-s390x-4.20.9.6.202602050328-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-4.20.9.6.202602050328-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202602050328-0"
},
"product_reference": "rhcos-x86_64-4.20.9.6.202602050328-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202602050328-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T04:41:05+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:682e85bfe8034924e596b281ed8fefe4451e6f6c5bac07b5ec300443eeb23566\n\n (For s390x architecture)\n The image digest is sha256:66cf2025ec50387370ab50d72677c4c07291a7b6d00f64fbd3847a1f09b74a34\n\n (For ppc64le architecture)\n The image digest is sha256:1214b651712a42e5b9b514fa1d0f225fe0297ccd0ea438820fac4f9ecf87380b\n\n (For aarch64 architecture)\n The image digest is sha256:c8625f4fa6492a1d36d5dccf36407ea0ac35672fe62e8ec1293df5ed90b643b2\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202602050328-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2077"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202602050328-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202602050328-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202602050328-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
}
]
}
RHSA-2026:1496
Vulnerability from csaf_redhat - Published: 2026-01-28 15:32 - Updated: 2026-02-11 07:18Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1496",
"url": "https://access.redhat.com/errata/RHSA-2026:1496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1496.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-02-11T07:18:57+00:00",
"generator": {
"date": "2026-02-11T07:18:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1496",
"initial_release_date": "2026-01-28T15:32:54+00:00",
"revision_history": [
{
"date": "2026-01-28T15:32:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T15:32:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T07:18:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"product": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"product_id": "openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-16.el10_0.6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"product": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"product_id": "openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-16.el10_0.6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"product": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"product_id": "openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-16.el10_0.6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"product_id": "openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-16.el10_0.6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-16.el10_0.6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.2.2-16.el10_0.6.aarch64",
"product": {
"name": "openssl-1:3.2.2-16.el10_0.6.aarch64",
"product_id": "openssl-1:3.2.2-16.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-16.el10_0.6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"product": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"product_id": "openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-16.el10_0.6?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"product": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"product_id": "openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-16.el10_0.6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"product": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"product_id": "openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-16.el10_0.6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"product_id": "openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-16.el10_0.6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"product_id": "openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-16.el10_0.6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-16.el10_0.6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.2.2-16.el10_0.6.ppc64le",
"product": {
"name": "openssl-1:3.2.2-16.el10_0.6.ppc64le",
"product_id": "openssl-1:3.2.2-16.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-16.el10_0.6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"product": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"product_id": "openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-16.el10_0.6?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"product": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"product_id": "openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-16.el10_0.6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"product": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"product_id": "openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-16.el10_0.6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"product": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"product_id": "openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-16.el10_0.6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"product_id": "openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-16.el10_0.6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-16.el10_0.6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.2.2-16.el10_0.6.x86_64",
"product": {
"name": "openssl-1:3.2.2-16.el10_0.6.x86_64",
"product_id": "openssl-1:3.2.2-16.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-16.el10_0.6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"product": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"product_id": "openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-16.el10_0.6?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"product": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"product_id": "openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-16.el10_0.6?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"product": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"product_id": "openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-16.el10_0.6?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"product": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"product_id": "openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-16.el10_0.6?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"product": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"product_id": "openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-16.el10_0.6?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"product_id": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-16.el10_0.6?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.2.2-16.el10_0.6.s390x",
"product": {
"name": "openssl-1:3.2.2-16.el10_0.6.s390x",
"product_id": "openssl-1:3.2.2-16.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-16.el10_0.6?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"product": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"product_id": "openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-16.el10_0.6?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.2.2-16.el10_0.6.src",
"product": {
"name": "openssl-1:3.2.2-16.el10_0.6.src",
"product_id": "openssl-1:3.2.2-16.el10_0.6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-16.el10_0.6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-16.el10_0.6.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src"
},
"product_reference": "openssl-1:3.2.2-16.el10_0.6.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-16.el10_0.6.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src"
},
"product_reference": "openssl-1:3.2.2-16.el10_0.6.src",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64"
},
"product_reference": "openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le"
},
"product_reference": "openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x"
},
"product_reference": "openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-16.el10_0.6.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
},
"product_reference": "openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"cwe": {
"id": "CWE-233",
"name": "Improper Handling of Parameters"
},
"discovery_date": "2026-01-16T14:21:50.559000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430375"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. It affects OpenSSL versions 3.6, 3.5, and 3.4, where improper validation of PBMAC1 parameters in PKCS#12 MAC verification can lead to a stack buffer overflow or NULL pointer dereference. Exploitation requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files are typically trusted. OpenSSL versions 3.3, 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
],
"known_not_affected": [
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "RHBZ#2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T15:32:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1496"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted PKCS#12 files. Applications should only handle PKCS#12 files from trusted sources, as these files are typically used for storing private keys and are expected to be secure.",
"product_ids": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
],
"known_not_affected": [
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T15:32:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
],
"known_not_affected": [
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T15:32:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1496"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"AppStream-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"AppStream-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.src",
"BaseOS-10.0.Z.E2S:openssl-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-debugsource-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-devel-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-libs-debuginfo-1:3.2.2-16.el10_0.6.x86_64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.aarch64",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.s390x",
"BaseOS-10.0.Z.E2S:openssl-perl-1:3.2.2-16.el10_0.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
}
]
}
RHSA-2026:1519
Vulnerability from csaf_redhat - Published: 2026-01-29 00:24 - Updated: 2026-02-11 07:19Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1519",
"url": "https://access.redhat.com/errata/RHSA-2026:1519"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1519.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-02-11T07:19:10+00:00",
"generator": {
"date": "2026-02-11T07:19:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1519",
"initial_release_date": "2026-01-29T00:24:19+00:00",
"revision_history": [
{
"date": "2026-01-29T00:24:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-29T00:24:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T07:19:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"product": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"product_id": "openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.7-29.el9_4.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"product": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"product_id": "openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.7-29.el9_4.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"product": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"product_id": "openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.7-29.el9_4.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"product_id": "openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-29.el9_4.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-29.el9_4.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.0.7-29.el9_4.2.aarch64",
"product": {
"name": "openssl-1:3.0.7-29.el9_4.2.aarch64",
"product_id": "openssl-1:3.0.7-29.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.7-29.el9_4.2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"product": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"product_id": "openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.7-29.el9_4.2?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"product": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"product_id": "openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.7-29.el9_4.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"product": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"product_id": "openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.7-29.el9_4.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"product_id": "openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.7-29.el9_4.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"product_id": "openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-29.el9_4.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-29.el9_4.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.0.7-29.el9_4.2.ppc64le",
"product": {
"name": "openssl-1:3.0.7-29.el9_4.2.ppc64le",
"product_id": "openssl-1:3.0.7-29.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.7-29.el9_4.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"product": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"product_id": "openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.7-29.el9_4.2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.0.7-29.el9_4.2.i686",
"product": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.i686",
"product_id": "openssl-devel-1:3.0.7-29.el9_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.7-29.el9_4.2?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"product": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"product_id": "openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.7-29.el9_4.2?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"product": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"product_id": "openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-29.el9_4.2?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"product_id": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-29.el9_4.2?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.7-29.el9_4.2.i686",
"product": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.i686",
"product_id": "openssl-libs-1:3.0.7-29.el9_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.7-29.el9_4.2?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"product": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"product_id": "openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.7-29.el9_4.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"product": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"product_id": "openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.7-29.el9_4.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"product": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"product_id": "openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.7-29.el9_4.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"product_id": "openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-29.el9_4.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-29.el9_4.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.0.7-29.el9_4.2.x86_64",
"product": {
"name": "openssl-1:3.0.7-29.el9_4.2.x86_64",
"product_id": "openssl-1:3.0.7-29.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.7-29.el9_4.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"product": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"product_id": "openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.7-29.el9_4.2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"product": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"product_id": "openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.7-29.el9_4.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"product": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"product_id": "openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.7-29.el9_4.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"product": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"product_id": "openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.7-29.el9_4.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"product": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"product_id": "openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-29.el9_4.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"product_id": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-29.el9_4.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.0.7-29.el9_4.2.s390x",
"product": {
"name": "openssl-1:3.0.7-29.el9_4.2.s390x",
"product_id": "openssl-1:3.0.7-29.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.7-29.el9_4.2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"product": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"product_id": "openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.7-29.el9_4.2?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.7-29.el9_4.2.src",
"product": {
"name": "openssl-1:3.0.7-29.el9_4.2.src",
"product_id": "openssl-1:3.0.7-29.el9_4.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.7-29.el9_4.2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-29.el9_4.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src"
},
"product_reference": "openssl-1:3.0.7-29.el9_4.2.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686"
},
"product_reference": "openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686"
},
"product_reference": "openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686"
},
"product_reference": "openssl-devel-1:3.0.7-29.el9_4.2.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686"
},
"product_reference": "openssl-libs-1:3.0.7-29.el9_4.2.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-29.el9_4.2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src"
},
"product_reference": "openssl-1:3.0.7-29.el9_4.2.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686"
},
"product_reference": "openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686"
},
"product_reference": "openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686"
},
"product_reference": "openssl-devel-1:3.0.7-29.el9_4.2.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686"
},
"product_reference": "openssl-libs-1:3.0.7-29.el9_4.2.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64"
},
"product_reference": "openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le"
},
"product_reference": "openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x"
},
"product_reference": "openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-29.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64"
},
"product_reference": "openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64"
],
"known_not_affected": [
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T00:24:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1519"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64"
],
"known_not_affected": [
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T00:24:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1519"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.src",
"BaseOS-9.4.0.Z.EUS:openssl-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-debugsource-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-devel-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.i686",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-libs-debuginfo-1:3.0.7-29.el9_4.2.x86_64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.aarch64",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.ppc64le",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.s390x",
"BaseOS-9.4.0.Z.EUS:openssl-perl-1:3.0.7-29.el9_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
}
]
}
RHSA-2026:1736
Vulnerability from csaf_redhat - Published: 2026-02-02 17:31 - Updated: 2026-02-11 08:53Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Notes
Topic
A Subscription Management tool for finding and reporting Red Hat product usage
Details
Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,
identifies, and reports environment data, or facts, such as the number of physical and virtual
systems on a network, their operating systems, and relevant configuration data stored within
them. Discovery also identifies and reports more detailed facts for some versions of key
Red Hat packages and products that it finds in the network.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1736",
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-11187",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12084",
"url": "https://access.redhat.com/security/cve/CVE-2025-12084"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12818",
"url": "https://access.redhat.com/security/cve/CVE-2025-12818"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13601",
"url": "https://access.redhat.com/security/cve/CVE-2025-13601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13836",
"url": "https://access.redhat.com/security/cve/CVE-2025-13836"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15467",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15468",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15469",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66199",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68160",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68973",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69418",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69419",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69420",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69421",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9086",
"url": "https://access.redhat.com/security/cve/CVE-2025-9086"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22795",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22796",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1736.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-02-11T08:53:03+00:00",
"generator": {
"date": "2026-02-11T08:53:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1736",
"initial_release_date": "2026-02-02T17:31:06+00:00",
"revision_history": [
{
"date": "2026-02-02T17:31:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-02T17:31:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T08:53:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Ad4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1769104765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1769111774"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1769104765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1769111774"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-12T06:01:02.244669+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394750"
}
],
"notes": [
{
"category": "description",
"text": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: libcurl: Curl out of bounds read for cookie path",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9086"
},
{
"category": "external",
"summary": "RHBZ#2394750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2025-9086.html",
"url": "https://curl.se/docs/CVE-2025-9086.html"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2025-9086.json",
"url": "https://curl.se/docs/CVE-2025-9086.json"
},
{
"category": "external",
"summary": "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6",
"url": "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3294999",
"url": "https://hackerone.com/reports/3294999"
}
],
"release_date": "2025-09-12T05:10:03.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: libcurl: Curl out of bounds read for cookie path"
},
{
"cve": "CVE-2025-11187",
"cwe": {
"id": "CWE-233",
"name": "Improper Handling of Parameters"
},
"discovery_date": "2026-01-16T14:21:50.559000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430375"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. It affects OpenSSL versions 3.6, 3.5, and 3.4, where improper validation of PBMAC1 parameters in PKCS#12 MAC verification can lead to a stack buffer overflow or NULL pointer dereference. Exploitation requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files are typically trusted. OpenSSL versions 3.3, 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "RHBZ#2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted PKCS#12 files. Applications should only handle PKCS#12 files from trusted sources, as these files are typically used for storing private keys and are expected to be secure.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file"
},
{
"cve": "CVE-2025-12084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-03T19:01:03.489250+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418655"
}
],
"notes": [
{
"category": "description",
"text": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it can lead to a denial of service. The flaw exists in the `xml.dom.minidom` module of cpython, where a quadratic algorithm in methods like `appendChild()` can be triggered when processing excessively nested XML documents. When successfully exploited this may impact the availability of applications utilizing this functionality across affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12084"
},
{
"category": "external",
"summary": "RHBZ#2418655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418655"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12084"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/142145",
"url": "https://github.com/python/cpython/issues/142145"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/142146",
"url": "https://github.com/python/cpython/pull/142146"
}
],
"release_date": "2025-12-03T18:55:32.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service"
},
{
"cve": "CVE-2025-12818",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-11-13T14:01:22.870197+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414826"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in PostgreSQL\u2019s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: libpq: libpq undersizes allocations, via integer wraparound",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated Moderate severity by Red Hat Product Security, even though it carries a High CVSS v3.1 score. The flaw resides in the libpq client library and can be triggered when a client receives specially crafted PostgreSQL protocol data that causes an integer wraparound and an out-of-bounds write. The attack complexity is Low because the malformed protocol message is processed immediately during connection, with no timing or environmental conditions required. However, the impact is limited to a denial of service of the client application only. As a result, Red Hat classifies the overall product impact as Moderate, reflecting that the flaw can interrupt client availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12818"
},
{
"category": "external",
"summary": "RHBZ#2414826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818"
},
{
"category": "external",
"summary": "https://www.postgresql.org/support/security/CVE-2025-12818/",
"url": "https://www.postgresql.org/support/security/CVE-2025-12818/"
}
],
"release_date": "2025-11-13T13:00:12.911000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql: libpq: libpq undersizes allocations, via integer wraparound"
},
{
"cve": "CVE-2025-13601",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-11-24T12:49:28.274000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416741"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: Integer overflow in in g_escape_uri_string()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13601"
},
{
"category": "external",
"summary": "RHBZ#2416741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3827",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3827"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914",
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914"
}
],
"release_date": "2025-11-24T13:00:15.295000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glib: Integer overflow in in g_escape_uri_string()"
},
{
"cve": "CVE-2025-13836",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-01T19:01:03.091899+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418078"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into memory, potentially causing memory allocations errors, swapping, out-of-memory conditions or even system freezes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Excessive read buffering DoS in http.client",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue can only be exploited by Python applications using the http.client.HTTPResponse.read function without the amount parameter, which specifies the read size in bytes. Note that Python libraries may use this function internally and make applications vulnerable. Additionally, vulnerable Python applications must connect to a malicious or compromised server that replies with a very large or crafted Content-Length header to trigger this issue, limiting the exposure of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13836"
},
{
"category": "external",
"summary": "RHBZ#2418078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13836",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13836"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/119451",
"url": "https://github.com/python/cpython/issues/119451"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/119454",
"url": "https://github.com/python/cpython/pull/119454"
}
],
"release_date": "2025-12-01T18:02:38.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Since this vulnerability is triggered when no read amount is specified and the client defaults to using the potentially malicious Content-Length header, developers can mitigate this issue in their code by always imposing an explicit, safe limit on data reads.\n\nApplications using the http.client.HTTPResponse.read function directly can ensure that read operations specify a byte limit:\n\n~~~\n...\nmax_safe_read = 10 * 1024 * 1024\ndata = response.read(max_safe_read)\n...\n~~~",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Excessive read buffering DoS in http.client"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-15468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:51.062000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430377"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The NULL pointer dereference in the `SSL_CIPHER_find()` function, affecting OpenSSL versions 3.3, 3.4, 3.5, and 3.6, occurs only when applications utilizing the QUIC protocol uncommonly invoke this function from the `client_hello_cb` callback with an unknown cipher ID. This specific usage pattern and the resulting Denial of Service limit the overall impact in the Red Hat context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "RHBZ#2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling"
},
{
"cve": "CVE-2025-15469",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-16T14:21:51.411000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The flaw affects the `openssl dgst` command-line tool when used with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) on files larger than 16MB. Impact is limited as it requires both signing and verification to be performed using the affected command, and verifiers using library APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "RHBZ#2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `openssl dgst` command with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) for files larger than 16MB. Instead, utilize streaming digest algorithms with `openssl dgst` or use library APIs for signing and verification, as these are not affected by the truncation vulnerability. Users should ensure that input files for one-shot signing/verification with `openssl dgst` do not exceed 16MB.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation"
},
{
"cve": "CVE-2025-66199",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T14:21:51.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in OpenSSL 3.3, 3.4, 3.5, and 3.6 allows an attacker to cause excessive memory allocation during TLS 1.3 handshake with certificate compression, potentially leading to a Denial of Service. This affects both clients and servers in mutual TLS scenarios where certificate compression is negotiated. Servers not requesting client certificates are not vulnerable to client-initiated attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "RHBZ#2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the reception of compressed certificates by setting the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option in OpenSSL configurations. This will prevent the vulnerable code path from being exercised.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-68160",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-01-16T14:21:52.088000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430380"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The `BIO_f_linebuffer` filter, where this heap out-of-bounds write occurs, is not used by default in TLS/SSL data paths within Red Hat products. Exploitation requires third-party applications to explicitly use this filter with a BIO chain that can short-write and process large, newline-free data influenced by an attacker, which is an unlikely scenario under attacker control. Red Hat FIPS modules are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "RHBZ#2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter"
},
{
"cve": "CVE-2025-68973",
"cwe": {
"id": "CWE-675",
"name": "Multiple Operations on Resource in Single-Operation Context"
},
"discovery_date": "2025-12-28T17:00:44.161022+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in GnuPG\u0027s `armor_filter` function allows an attacker with local access to provide crafted input, potentially leading to information disclosure and arbitrary code execution due to an out-of-bounds write. Exploitation requires high attack complexity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "RHBZ#2425966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
"url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
},
{
"category": "external",
"summary": "https://gpg.fail/memcpy",
"url": "https://gpg.fail/memcpy"
},
{
"category": "external",
"summary": "https://news.ycombinator.com/item?id=46403200",
"url": "https://news.ycombinator.com/item?id=46403200"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/12/28/5",
"url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
}
],
"release_date": "2025-12-28T16:19:11.019000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG. Exercise caution when handling GnuPG-encrypted or signed data from unknown or suspicious sources, as specially crafted input could trigger the vulnerability. This operational control reduces the attack surface by limiting exposure to malicious data.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write"
},
{
"cve": "CVE-2025-69418",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-16T14:21:52.438000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, impact is limited because typical OpenSSL consumers using higher-level EVP APIs are not affected. The flaw only manifests when applications directly call low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in hardware-accelerated builds. Additionally, TLS does not use OCB ciphersuites, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "RHBZ#2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
},
{
"cve": "CVE-2025-69420",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.497000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the TimeStamp Response verification code can lead to a Denial of Service when processing a specially crafted TimeStamp Response. Exploitation requires an application to call `TS_RESP_verify_response()` with a malformed response, and the TimeStamp protocol (RFC 3161) is not widely used. Red Hat FIPS modules are not affected as the TimeStamp Response implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "RHBZ#2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response"
},
{
"cve": "CVE-2025-69421",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:53.845000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat because it requires an application to process a specially crafted, malformed PKCS#12 file, leading to a Denial of Service. The vulnerability is limited to a crash and cannot be escalated to achieve code execution or memory disclosure. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "RHBZ#2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-22795",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.146000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430389"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. An application processing a maliciously crafted PKCS#12 file can be caused to dereference an invalid or NULL pointer, resulting in a Denial of Service. In the Red Hat context, impact is limited as PKCS#12 files are typically used for trusted private keys and are not commonly accepted from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "RHBZ#2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing"
},
{
"cve": "CVE-2026-22796",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-16T14:43:21.598000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the legacy PKCS#7 API can lead to a Denial of Service when processing specially crafted PKCS#7 data. Exploitation requires an application to perform signature verification of malformed PKCS#7 data. Red Hat products utilizing the FIPS module are not affected as the PKCS#7 parsing is outside the module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "RHBZ#2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:31:06+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification"
}
]
}
RHSA-2026:1733
Vulnerability from csaf_redhat - Published: 2026-02-02 17:33 - Updated: 2026-02-11 07:19Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1733",
"url": "https://access.redhat.com/errata/RHSA-2026:1733"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1733.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-02-11T07:19:20+00:00",
"generator": {
"date": "2026-02-11T07:19:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1733",
"initial_release_date": "2026-02-02T17:33:59+00:00",
"revision_history": [
{
"date": "2026-02-02T17:33:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-02T17:33:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T07:19:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.0::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.1-46.el9_0.7.src",
"product": {
"name": "openssl-1:3.0.1-46.el9_0.7.src",
"product_id": "openssl-1:3.0.1-46.el9_0.7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.1-46.el9_0.7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.1-46.el9_0.7.aarch64",
"product": {
"name": "openssl-1:3.0.1-46.el9_0.7.aarch64",
"product_id": "openssl-1:3.0.1-46.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.1-46.el9_0.7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"product": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"product_id": "openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.1-46.el9_0.7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"product": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"product_id": "openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.1-46.el9_0.7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"product_id": "openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.1-46.el9_0.7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.1-46.el9_0.7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"product": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"product_id": "openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.1-46.el9_0.7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"product": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"product_id": "openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.1-46.el9_0.7?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.1-46.el9_0.7.ppc64le",
"product": {
"name": "openssl-1:3.0.1-46.el9_0.7.ppc64le",
"product_id": "openssl-1:3.0.1-46.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.1-46.el9_0.7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"product": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"product_id": "openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.1-46.el9_0.7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"product_id": "openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.1-46.el9_0.7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"product_id": "openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.1-46.el9_0.7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.1-46.el9_0.7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"product": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"product_id": "openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.1-46.el9_0.7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"product": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"product_id": "openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.1-46.el9_0.7?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.1-46.el9_0.7.x86_64",
"product": {
"name": "openssl-1:3.0.1-46.el9_0.7.x86_64",
"product_id": "openssl-1:3.0.1-46.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.1-46.el9_0.7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"product": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"product_id": "openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.1-46.el9_0.7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"product": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"product_id": "openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.1-46.el9_0.7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"product_id": "openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.1-46.el9_0.7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.1-46.el9_0.7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"product": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"product_id": "openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.1-46.el9_0.7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"product": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"product_id": "openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.1-46.el9_0.7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-libs-1:3.0.1-46.el9_0.7.i686",
"product": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.i686",
"product_id": "openssl-libs-1:3.0.1-46.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.1-46.el9_0.7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"product": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"product_id": "openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.1-46.el9_0.7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"product": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"product_id": "openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.1-46.el9_0.7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"product_id": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.1-46.el9_0.7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.1-46.el9_0.7.i686",
"product": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.i686",
"product_id": "openssl-devel-1:3.0.1-46.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.1-46.el9_0.7?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.1-46.el9_0.7.s390x",
"product": {
"name": "openssl-1:3.0.1-46.el9_0.7.s390x",
"product_id": "openssl-1:3.0.1-46.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.1-46.el9_0.7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"product": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"product_id": "openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.1-46.el9_0.7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"product": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"product_id": "openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.1-46.el9_0.7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"product": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"product_id": "openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.1-46.el9_0.7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"product_id": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.1-46.el9_0.7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"product": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"product_id": "openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.1-46.el9_0.7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"product": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"product_id": "openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.1-46.el9_0.7?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-46.el9_0.7.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src"
},
"product_reference": "openssl-1:3.0.1-46.el9_0.7.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686"
},
"product_reference": "openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686"
},
"product_reference": "openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686"
},
"product_reference": "openssl-devel-1:3.0.1-46.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686"
},
"product_reference": "openssl-libs-1:3.0.1-46.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-46.el9_0.7.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src"
},
"product_reference": "openssl-1:3.0.1-46.el9_0.7.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686"
},
"product_reference": "openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686"
},
"product_reference": "openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686"
},
"product_reference": "openssl-devel-1:3.0.1-46.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686"
},
"product_reference": "openssl-libs-1:3.0.1-46.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64"
},
"product_reference": "openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le"
},
"product_reference": "openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x"
},
"product_reference": "openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-46.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64"
},
"product_reference": "openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64"
],
"known_not_affected": [
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:33:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1733"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64"
],
"known_not_affected": [
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T17:33:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1733"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:openssl-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-debugsource-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-devel-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-libs-debuginfo-1:3.0.1-46.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:openssl-perl-1:3.0.1-46.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
}
]
}
RHSA-2026:1472
Vulnerability from csaf_redhat - Published: 2026-01-28 09:06 - Updated: 2026-02-11 07:18Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)
* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)
* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)
* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)
* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)
* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)
* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)
* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)\n\n* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)\n\n* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)\n\n* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)\n\n* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\n* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)\n\n* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)\n\n* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)\n\n* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1472",
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1472.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-02-11T07:18:47+00:00",
"generator": {
"date": "2026-02-11T07:18:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1472",
"initial_release_date": "2026-01-28T09:06:06+00:00",
"revision_history": [
{
"date": "2026-01-28T09:06:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T09:06:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T07:18:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.src",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.src",
"product_id": "openssl-1:3.5.1-7.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.src",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"cwe": {
"id": "CWE-233",
"name": "Improper Handling of Parameters"
},
"discovery_date": "2026-01-16T14:21:50.559000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430375"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. It affects OpenSSL versions 3.6, 3.5, and 3.4, where improper validation of PBMAC1 parameters in PKCS#12 MAC verification can lead to a stack buffer overflow or NULL pointer dereference. Exploitation requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files are typically trusted. OpenSSL versions 3.3, 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "RHBZ#2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted PKCS#12 files. Applications should only handle PKCS#12 files from trusted sources, as these files are typically used for storing private keys and are expected to be secure.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-15468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:51.062000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430377"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The NULL pointer dereference in the `SSL_CIPHER_find()` function, affecting OpenSSL versions 3.3, 3.4, 3.5, and 3.6, occurs only when applications utilizing the QUIC protocol uncommonly invoke this function from the `client_hello_cb` callback with an unknown cipher ID. This specific usage pattern and the resulting Denial of Service limit the overall impact in the Red Hat context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "RHBZ#2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling"
},
{
"cve": "CVE-2025-15469",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-16T14:21:51.411000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The flaw affects the `openssl dgst` command-line tool when used with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) on files larger than 16MB. Impact is limited as it requires both signing and verification to be performed using the affected command, and verifiers using library APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "RHBZ#2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `openssl dgst` command with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) for files larger than 16MB. Instead, utilize streaming digest algorithms with `openssl dgst` or use library APIs for signing and verification, as these are not affected by the truncation vulnerability. Users should ensure that input files for one-shot signing/verification with `openssl dgst` do not exceed 16MB.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation"
},
{
"cve": "CVE-2025-66199",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T14:21:51.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in OpenSSL 3.3, 3.4, 3.5, and 3.6 allows an attacker to cause excessive memory allocation during TLS 1.3 handshake with certificate compression, potentially leading to a Denial of Service. This affects both clients and servers in mutual TLS scenarios where certificate compression is negotiated. Servers not requesting client certificates are not vulnerable to client-initiated attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "RHBZ#2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the reception of compressed certificates by setting the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option in OpenSSL configurations. This will prevent the vulnerable code path from being exercised.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression"
},
{
"cve": "CVE-2025-68160",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-01-16T14:21:52.088000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430380"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The `BIO_f_linebuffer` filter, where this heap out-of-bounds write occurs, is not used by default in TLS/SSL data paths within Red Hat products. Exploitation requires third-party applications to explicitly use this filter with a BIO chain that can short-write and process large, newline-free data influenced by an attacker, which is an unlikely scenario under attacker control. Red Hat FIPS modules are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "RHBZ#2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter"
},
{
"cve": "CVE-2025-69418",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-16T14:21:52.438000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, impact is limited because typical OpenSSL consumers using higher-level EVP APIs are not affected. The flaw only manifests when applications directly call low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in hardware-accelerated builds. Additionally, TLS does not use OCB ciphersuites, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "RHBZ#2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
},
{
"cve": "CVE-2025-69420",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.497000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the TimeStamp Response verification code can lead to a Denial of Service when processing a specially crafted TimeStamp Response. Exploitation requires an application to call `TS_RESP_verify_response()` with a malformed response, and the TimeStamp protocol (RFC 3161) is not widely used. Red Hat FIPS modules are not affected as the TimeStamp Response implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "RHBZ#2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response"
},
{
"cve": "CVE-2025-69421",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:53.845000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat because it requires an application to process a specially crafted, malformed PKCS#12 file, leading to a Denial of Service. The vulnerability is limited to a crash and cannot be escalated to achieve code execution or memory disclosure. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "RHBZ#2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing"
},
{
"cve": "CVE-2026-22795",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.146000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430389"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. An application processing a maliciously crafted PKCS#12 file can be caused to dereference an invalid or NULL pointer, resulting in a Denial of Service. In the Red Hat context, impact is limited as PKCS#12 files are typically used for trusted private keys and are not commonly accepted from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "RHBZ#2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing"
},
{
"cve": "CVE-2026-22796",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-16T14:43:21.598000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the legacy PKCS#7 API can lead to a Denial of Service when processing specially crafted PKCS#7 data. Exploitation requires an application to perform signature verification of malformed PKCS#7 data. Red Hat products utilizing the FIPS module are not affected as the PKCS#7 parsing is outside the module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "RHBZ#2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification"
}
]
}
RHSA-2026:1473
Vulnerability from csaf_redhat - Published: 2026-01-28 10:08 - Updated: 2026-02-11 07:18Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)
* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)
* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)
* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)
* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)
* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)
* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)
* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)\n\n* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)\n\n* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)\n\n* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)\n\n* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\n* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)\n\n* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)\n\n* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)\n\n* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1473",
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1473.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-02-11T07:18:48+00:00",
"generator": {
"date": "2026-02-11T07:18:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1473",
"initial_release_date": "2026-01-28T10:08:56+00:00",
"revision_history": [
{
"date": "2026-01-28T10:08:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T10:08:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T07:18:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.src",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.src",
"product_id": "openssl-1:3.5.1-7.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.src",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"cwe": {
"id": "CWE-233",
"name": "Improper Handling of Parameters"
},
"discovery_date": "2026-01-16T14:21:50.559000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430375"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. It affects OpenSSL versions 3.6, 3.5, and 3.4, where improper validation of PBMAC1 parameters in PKCS#12 MAC verification can lead to a stack buffer overflow or NULL pointer dereference. Exploitation requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files are typically trusted. OpenSSL versions 3.3, 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "RHBZ#2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted PKCS#12 files. Applications should only handle PKCS#12 files from trusted sources, as these files are typically used for storing private keys and are expected to be secure.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-15468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:51.062000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430377"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The NULL pointer dereference in the `SSL_CIPHER_find()` function, affecting OpenSSL versions 3.3, 3.4, 3.5, and 3.6, occurs only when applications utilizing the QUIC protocol uncommonly invoke this function from the `client_hello_cb` callback with an unknown cipher ID. This specific usage pattern and the resulting Denial of Service limit the overall impact in the Red Hat context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "RHBZ#2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling"
},
{
"cve": "CVE-2025-15469",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-16T14:21:51.411000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The flaw affects the `openssl dgst` command-line tool when used with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) on files larger than 16MB. Impact is limited as it requires both signing and verification to be performed using the affected command, and verifiers using library APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "RHBZ#2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `openssl dgst` command with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) for files larger than 16MB. Instead, utilize streaming digest algorithms with `openssl dgst` or use library APIs for signing and verification, as these are not affected by the truncation vulnerability. Users should ensure that input files for one-shot signing/verification with `openssl dgst` do not exceed 16MB.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation"
},
{
"cve": "CVE-2025-66199",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T14:21:51.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in OpenSSL 3.3, 3.4, 3.5, and 3.6 allows an attacker to cause excessive memory allocation during TLS 1.3 handshake with certificate compression, potentially leading to a Denial of Service. This affects both clients and servers in mutual TLS scenarios where certificate compression is negotiated. Servers not requesting client certificates are not vulnerable to client-initiated attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "RHBZ#2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the reception of compressed certificates by setting the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option in OpenSSL configurations. This will prevent the vulnerable code path from being exercised.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression"
},
{
"cve": "CVE-2025-68160",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-01-16T14:21:52.088000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430380"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The `BIO_f_linebuffer` filter, where this heap out-of-bounds write occurs, is not used by default in TLS/SSL data paths within Red Hat products. Exploitation requires third-party applications to explicitly use this filter with a BIO chain that can short-write and process large, newline-free data influenced by an attacker, which is an unlikely scenario under attacker control. Red Hat FIPS modules are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "RHBZ#2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter"
},
{
"cve": "CVE-2025-69418",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-16T14:21:52.438000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, impact is limited because typical OpenSSL consumers using higher-level EVP APIs are not affected. The flaw only manifests when applications directly call low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in hardware-accelerated builds. Additionally, TLS does not use OCB ciphersuites, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "RHBZ#2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
},
{
"cve": "CVE-2025-69420",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.497000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the TimeStamp Response verification code can lead to a Denial of Service when processing a specially crafted TimeStamp Response. Exploitation requires an application to call `TS_RESP_verify_response()` with a malformed response, and the TimeStamp protocol (RFC 3161) is not widely used. Red Hat FIPS modules are not affected as the TimeStamp Response implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "RHBZ#2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response"
},
{
"cve": "CVE-2025-69421",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:53.845000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat because it requires an application to process a specially crafted, malformed PKCS#12 file, leading to a Denial of Service. The vulnerability is limited to a crash and cannot be escalated to achieve code execution or memory disclosure. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "RHBZ#2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing"
},
{
"cve": "CVE-2026-22795",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.146000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430389"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. An application processing a maliciously crafted PKCS#12 file can be caused to dereference an invalid or NULL pointer, resulting in a Denial of Service. In the Red Hat context, impact is limited as PKCS#12 files are typically used for trusted private keys and are not commonly accepted from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "RHBZ#2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing"
},
{
"cve": "CVE-2026-22796",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-16T14:43:21.598000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the legacy PKCS#7 API can lead to a Denial of Service when processing specially crafted PKCS#7 data. Exploitation requires an application to perform signature verification of malformed PKCS#7 data. Red Hat products utilizing the FIPS module are not affected as the PKCS#7 parsing is outside the module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "RHBZ#2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification"
}
]
}
RHSA-2026:1594
Vulnerability from csaf_redhat - Published: 2026-01-29 17:22 - Updated: 2026-02-11 07:19Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1594",
"url": "https://access.redhat.com/errata/RHSA-2026:1594"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1594.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-02-11T07:19:15+00:00",
"generator": {
"date": "2026-02-11T07:19:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1594",
"initial_release_date": "2026-01-29T17:22:14+00:00",
"revision_history": [
{
"date": "2026-01-29T17:22:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-29T17:22:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T07:19:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.7-18.el9_2.3.src",
"product": {
"name": "openssl-1:3.0.7-18.el9_2.3.src",
"product_id": "openssl-1:3.0.7-18.el9_2.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2.3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.7-18.el9_2.3.aarch64",
"product": {
"name": "openssl-1:3.0.7-18.el9_2.3.aarch64",
"product_id": "openssl-1:3.0.7-18.el9_2.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"product": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"product_id": "openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"product": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"product_id": "openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"product_id": "openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"product": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"product_id": "openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2.3?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"product": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"product_id": "openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2.3?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.7-18.el9_2.3.ppc64le",
"product": {
"name": "openssl-1:3.0.7-18.el9_2.3.ppc64le",
"product_id": "openssl-1:3.0.7-18.el9_2.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"product": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"product_id": "openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"product_id": "openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"product_id": "openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"product": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"product_id": "openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2.3?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"product": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"product_id": "openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2.3?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.7-18.el9_2.3.x86_64",
"product": {
"name": "openssl-1:3.0.7-18.el9_2.3.x86_64",
"product_id": "openssl-1:3.0.7-18.el9_2.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"product": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"product_id": "openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"product": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"product_id": "openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"product_id": "openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"product": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"product_id": "openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2.3?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"product": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"product_id": "openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2.3?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-libs-1:3.0.7-18.el9_2.3.i686",
"product": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.i686",
"product_id": "openssl-libs-1:3.0.7-18.el9_2.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2.3?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"product": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"product_id": "openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2.3?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"product": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"product_id": "openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2.3?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"product_id": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2.3?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.7-18.el9_2.3.i686",
"product": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.i686",
"product_id": "openssl-devel-1:3.0.7-18.el9_2.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2.3?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.7-18.el9_2.3.s390x",
"product": {
"name": "openssl-1:3.0.7-18.el9_2.3.s390x",
"product_id": "openssl-1:3.0.7-18.el9_2.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.7-18.el9_2.3?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"product": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"product_id": "openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.7-18.el9_2.3?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"product": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"product_id": "openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.7-18.el9_2.3?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"product": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"product_id": "openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.7-18.el9_2.3?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"product_id": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.7-18.el9_2.3?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"product": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"product_id": "openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.7-18.el9_2.3?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"product": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"product_id": "openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.7-18.el9_2.3?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-18.el9_2.3.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src"
},
"product_reference": "openssl-1:3.0.7-18.el9_2.3.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686"
},
"product_reference": "openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686"
},
"product_reference": "openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686"
},
"product_reference": "openssl-devel-1:3.0.7-18.el9_2.3.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686"
},
"product_reference": "openssl-libs-1:3.0.7-18.el9_2.3.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-18.el9_2.3.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src"
},
"product_reference": "openssl-1:3.0.7-18.el9_2.3.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686"
},
"product_reference": "openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686"
},
"product_reference": "openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686"
},
"product_reference": "openssl-devel-1:3.0.7-18.el9_2.3.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686"
},
"product_reference": "openssl-libs-1:3.0.7-18.el9_2.3.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64"
},
"product_reference": "openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le"
},
"product_reference": "openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x"
},
"product_reference": "openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.7-18.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64"
},
"product_reference": "openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T17:22:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1594"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T17:22:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1594"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"AppStream-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"AppStream-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.src",
"BaseOS-9.2.0.Z.E4S:openssl-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-debugsource-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-devel-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.i686",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-libs-debuginfo-1:3.0.7-18.el9_2.3.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-perl-1:3.0.7-18.el9_2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
}
]
}
SUSE-SU-2026:0312-1
Vulnerability from csaf_suse - Published: 2026-01-28 09:37 - Updated: 2026-01-28 09:37Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
Patchnames
SUSE-2026-312,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-312,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-312,openSUSE-SLE-15.6-2026-312
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).\n - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).\n - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).\n - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).\n - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).\n - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).\n - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).\n - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-312,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-312,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-312,openSUSE-SLE-15.6-2026-312",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0312-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0312-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260312-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0312-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023933.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256830",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "self",
"summary": "SUSE Bug 1256834",
"url": "https://bugzilla.suse.com/1256834"
},
{
"category": "self",
"summary": "SUSE Bug 1256835",
"url": "https://bugzilla.suse.com/1256835"
},
{
"category": "self",
"summary": "SUSE Bug 1256836",
"url": "https://bugzilla.suse.com/1256836"
},
{
"category": "self",
"summary": "SUSE Bug 1256837",
"url": "https://bugzilla.suse.com/1256837"
},
{
"category": "self",
"summary": "SUSE Bug 1256838",
"url": "https://bugzilla.suse.com/1256838"
},
{
"category": "self",
"summary": "SUSE Bug 1256839",
"url": "https://bugzilla.suse.com/1256839"
},
{
"category": "self",
"summary": "SUSE Bug 1256840",
"url": "https://bugzilla.suse.com/1256840"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22795 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22796 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22796/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2026-01-28T09:37:56Z",
"generator": {
"date": "2026-01-28T09:37:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0312-1",
"initial_release_date": "2026-01-28T09:37:56Z",
"revision_history": [
{
"date": "2026-01-28T09:37:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"product_id": "libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-150600.5.42.1.aarch64",
"product": {
"name": "libopenssl3-3.1.4-150600.5.42.1.aarch64",
"product_id": "libopenssl3-3.1.4-150600.5.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-150600.5.42.1.aarch64",
"product": {
"name": "openssl-3-3.1.4-150600.5.42.1.aarch64",
"product_id": "openssl-3-3.1.4-150600.5.42.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-64bit-3.1.4-150600.5.42.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-devel-64bit-3.1.4-150600.5.42.1.aarch64_ilp32",
"product_id": "libopenssl-3-devel-64bit-3.1.4-150600.5.42.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-64bit-3.1.4-150600.5.42.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-fips-provider-64bit-3.1.4-150600.5.42.1.aarch64_ilp32",
"product_id": "libopenssl-3-fips-provider-64bit-3.1.4-150600.5.42.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl3-64bit-3.1.4-150600.5.42.1.aarch64_ilp32",
"product": {
"name": "libopenssl3-64bit-3.1.4-150600.5.42.1.aarch64_ilp32",
"product_id": "libopenssl3-64bit-3.1.4-150600.5.42.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.i586",
"product": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.i586",
"product_id": "libopenssl-3-devel-3.1.4-150600.5.42.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.i586",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.i586",
"product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-150600.5.42.1.i586",
"product": {
"name": "libopenssl3-3.1.4-150600.5.42.1.i586",
"product_id": "libopenssl3-3.1.4-150600.5.42.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-150600.5.42.1.i586",
"product": {
"name": "openssl-3-3.1.4-150600.5.42.1.i586",
"product_id": "openssl-3-3.1.4-150600.5.42.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-doc-3.1.4-150600.5.42.1.noarch",
"product": {
"name": "openssl-3-doc-3.1.4-150600.5.42.1.noarch",
"product_id": "openssl-3-doc-3.1.4-150600.5.42.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"product_id": "libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"product": {
"name": "libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"product_id": "libopenssl3-3.1.4-150600.5.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-150600.5.42.1.ppc64le",
"product": {
"name": "openssl-3-3.1.4-150600.5.42.1.ppc64le",
"product_id": "openssl-3-3.1.4-150600.5.42.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"product_id": "libopenssl-3-devel-3.1.4-150600.5.42.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-150600.5.42.1.s390x",
"product": {
"name": "libopenssl3-3.1.4-150600.5.42.1.s390x",
"product_id": "libopenssl3-3.1.4-150600.5.42.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-150600.5.42.1.s390x",
"product": {
"name": "openssl-3-3.1.4-150600.5.42.1.s390x",
"product_id": "openssl-3-3.1.4-150600.5.42.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"product_id": "libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"product_id": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-150600.5.42.1.x86_64",
"product": {
"name": "libopenssl3-3.1.4-150600.5.42.1.x86_64",
"product_id": "libopenssl3-3.1.4-150600.5.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"product_id": "libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-150600.5.42.1.x86_64",
"product": {
"name": "openssl-3-3.1.4-150600.5.42.1.x86_64",
"product_id": "openssl-3-3.1.4-150600.5.42.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.42.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64"
},
"product_reference": "libopenssl3-3.1.4-150600.5.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.42.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.42.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x"
},
"product_reference": "libopenssl3-3.1.4-150600.5.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl3-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.42.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64"
},
"product_reference": "openssl-3-3.1.4-150600.5.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.42.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "openssl-3-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.42.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x"
},
"product_reference": "openssl-3-3.1.4-150600.5.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "openssl-3-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl3-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "openssl-3-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "openssl-3-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64"
},
"product_reference": "libopenssl3-3.1.4-150600.5.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.42.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.42.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x"
},
"product_reference": "libopenssl3-3.1.4-150600.5.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-150600.5.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl3-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64"
},
"product_reference": "openssl-3-3.1.4-150600.5.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.42.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le"
},
"product_reference": "openssl-3-3.1.4-150600.5.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.42.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x"
},
"product_reference": "openssl-3-3.1.4-150600.5.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-150600.5.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64"
},
"product_reference": "openssl-3-3.1.4-150600.5.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.1.4-150600.5.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
},
"product_reference": "openssl-3-doc-3.1.4-150600.5.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:56Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-68160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68160"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68160",
"url": "https://www.suse.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "SUSE Bug 1256834 for CVE-2025-68160",
"url": "https://bugzilla.suse.com/1256834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69418"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69418",
"url": "https://www.suse.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "SUSE Bug 1256835 for CVE-2025-69418",
"url": "https://bugzilla.suse.com/1256835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69419"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69419",
"url": "https://www.suse.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "SUSE Bug 1256836 for CVE-2025-69419",
"url": "https://bugzilla.suse.com/1256836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69420"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69420",
"url": "https://www.suse.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "SUSE Bug 1256837 for CVE-2025-69420",
"url": "https://bugzilla.suse.com/1256837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69421"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69421",
"url": "https://www.suse.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "SUSE Bug 1256838 for CVE-2025-69421",
"url": "https://bugzilla.suse.com/1256838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2026-22795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22795"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22795",
"url": "https://www.suse.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "SUSE Bug 1256839 for CVE-2026-22795",
"url": "https://bugzilla.suse.com/1256839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:56Z",
"details": "moderate"
}
],
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22796"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22796",
"url": "https://www.suse.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "SUSE Bug 1256840 for CVE-2026-22796",
"url": "https://bugzilla.suse.com/1256840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:openssl-3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.aarch64",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.ppc64le",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.s390x",
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.42.1.x86_64",
"openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:56Z",
"details": "moderate"
}
],
"title": "CVE-2026-22796"
}
]
}
SUSE-SU-2026:0311-1
Vulnerability from csaf_suse - Published: 2026-01-28 09:37 - Updated: 2026-01-28 09:37Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
Patchnames
SUSE-2026-311,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-311,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-311,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-311,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-311
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).\n - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).\n - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).\n - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).\n - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).\n - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).\n - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).\n - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-311,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-311,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-311,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-311,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-311",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0311-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0311-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260311-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0311-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023934.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256830",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "self",
"summary": "SUSE Bug 1256834",
"url": "https://bugzilla.suse.com/1256834"
},
{
"category": "self",
"summary": "SUSE Bug 1256835",
"url": "https://bugzilla.suse.com/1256835"
},
{
"category": "self",
"summary": "SUSE Bug 1256836",
"url": "https://bugzilla.suse.com/1256836"
},
{
"category": "self",
"summary": "SUSE Bug 1256837",
"url": "https://bugzilla.suse.com/1256837"
},
{
"category": "self",
"summary": "SUSE Bug 1256838",
"url": "https://bugzilla.suse.com/1256838"
},
{
"category": "self",
"summary": "SUSE Bug 1256839",
"url": "https://bugzilla.suse.com/1256839"
},
{
"category": "self",
"summary": "SUSE Bug 1256840",
"url": "https://bugzilla.suse.com/1256840"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22795 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22796 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22796/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2026-01-28T09:37:48Z",
"generator": {
"date": "2026-01-28T09:37:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0311-1",
"initial_release_date": "2026-01-28T09:37:48Z",
"revision_history": [
{
"date": "2026-01-28T09:37:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"product_id": "libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150500.5.57.1.aarch64",
"product": {
"name": "libopenssl3-3.0.8-150500.5.57.1.aarch64",
"product_id": "libopenssl3-3.0.8-150500.5.57.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150500.5.57.1.aarch64",
"product": {
"name": "openssl-3-3.0.8-150500.5.57.1.aarch64",
"product_id": "openssl-3-3.0.8-150500.5.57.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-64bit-3.0.8-150500.5.57.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-devel-64bit-3.0.8-150500.5.57.1.aarch64_ilp32",
"product_id": "libopenssl-3-devel-64bit-3.0.8-150500.5.57.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl3-64bit-3.0.8-150500.5.57.1.aarch64_ilp32",
"product": {
"name": "libopenssl3-64bit-3.0.8-150500.5.57.1.aarch64_ilp32",
"product_id": "libopenssl3-64bit-3.0.8-150500.5.57.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.i586",
"product": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.i586",
"product_id": "libopenssl-3-devel-3.0.8-150500.5.57.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150500.5.57.1.i586",
"product": {
"name": "libopenssl3-3.0.8-150500.5.57.1.i586",
"product_id": "libopenssl3-3.0.8-150500.5.57.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150500.5.57.1.i586",
"product": {
"name": "openssl-3-3.0.8-150500.5.57.1.i586",
"product_id": "openssl-3-3.0.8-150500.5.57.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-doc-3.0.8-150500.5.57.1.noarch",
"product": {
"name": "openssl-3-doc-3.0.8-150500.5.57.1.noarch",
"product_id": "openssl-3-doc-3.0.8-150500.5.57.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"product_id": "libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"product": {
"name": "libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"product_id": "libopenssl3-3.0.8-150500.5.57.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150500.5.57.1.ppc64le",
"product": {
"name": "openssl-3-3.0.8-150500.5.57.1.ppc64le",
"product_id": "openssl-3-3.0.8-150500.5.57.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"product_id": "libopenssl-3-devel-3.0.8-150500.5.57.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150500.5.57.1.s390x",
"product": {
"name": "libopenssl3-3.0.8-150500.5.57.1.s390x",
"product_id": "libopenssl3-3.0.8-150500.5.57.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150500.5.57.1.s390x",
"product": {
"name": "openssl-3-3.0.8-150500.5.57.1.s390x",
"product_id": "openssl-3-3.0.8-150500.5.57.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"product_id": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.8-150500.5.57.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.8-150500.5.57.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.0.8-150500.5.57.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150500.5.57.1.x86_64",
"product": {
"name": "libopenssl3-3.0.8-150500.5.57.1.x86_64",
"product_id": "libopenssl3-3.0.8-150500.5.57.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.8-150500.5.57.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.0.8-150500.5.57.1.x86_64",
"product_id": "libopenssl3-32bit-3.0.8-150500.5.57.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150500.5.57.1.x86_64",
"product": {
"name": "openssl-3-3.0.8-150500.5.57.1.x86_64",
"product_id": "openssl-3-3.0.8-150500.5.57.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.57.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.57.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.57.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150500.5.57.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.57.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.57.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.57.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150500.5.57.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.57.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.57.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.57.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.57.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x"
},
"product_reference": "libopenssl3-3.0.8-150500.5.57.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.57.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150500.5.57.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.57.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le"
},
"product_reference": "openssl-3-3.0.8-150500.5.57.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.57.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x"
},
"product_reference": "openssl-3-3.0.8-150500.5.57.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.57.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.57.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le"
},
"product_reference": "openssl-3-3.0.8-150500.5.57.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150500.5.57.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150500.5.57.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:48Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-68160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68160"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68160",
"url": "https://www.suse.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "SUSE Bug 1256834 for CVE-2025-68160",
"url": "https://bugzilla.suse.com/1256834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:48Z",
"details": "moderate"
}
],
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69418"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69418",
"url": "https://www.suse.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "SUSE Bug 1256835 for CVE-2025-69418",
"url": "https://bugzilla.suse.com/1256835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:48Z",
"details": "moderate"
}
],
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69419"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69419",
"url": "https://www.suse.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "SUSE Bug 1256836 for CVE-2025-69419",
"url": "https://bugzilla.suse.com/1256836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:48Z",
"details": "moderate"
}
],
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69420"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69420",
"url": "https://www.suse.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "SUSE Bug 1256837 for CVE-2025-69420",
"url": "https://bugzilla.suse.com/1256837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:48Z",
"details": "moderate"
}
],
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69421"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69421",
"url": "https://www.suse.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "SUSE Bug 1256838 for CVE-2025-69421",
"url": "https://bugzilla.suse.com/1256838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:48Z",
"details": "moderate"
}
],
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2026-22795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22795"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22795",
"url": "https://www.suse.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "SUSE Bug 1256839 for CVE-2026-22795",
"url": "https://bugzilla.suse.com/1256839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:48Z",
"details": "moderate"
}
],
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22796"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22796",
"url": "https://www.suse.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "SUSE Bug 1256840 for CVE-2026-22796",
"url": "https://bugzilla.suse.com/1256840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:openssl-3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl-3-devel-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libopenssl3-3.0.8-150500.5.57.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:openssl-3-3.0.8-150500.5.57.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:48Z",
"details": "moderate"
}
],
"title": "CVE-2026-22796"
}
]
}
SUSE-SU-2026:0310-1
Vulnerability from csaf_suse - Published: 2026-01-28 09:37 - Updated: 2026-01-28 09:37Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
Patchnames
SUSE-2026-310,SUSE-SLE-Micro-5.3-2026-310,SUSE-SLE-Micro-5.4-2026-310,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-310,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-310,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-310,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-310
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).\n - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).\n - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).\n - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).\n - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).\n - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).\n - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).\n - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-310,SUSE-SLE-Micro-5.3-2026-310,SUSE-SLE-Micro-5.4-2026-310,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-310,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-310,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-310,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-310",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0310-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0310-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260310-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0310-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023935.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256830",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "self",
"summary": "SUSE Bug 1256834",
"url": "https://bugzilla.suse.com/1256834"
},
{
"category": "self",
"summary": "SUSE Bug 1256835",
"url": "https://bugzilla.suse.com/1256835"
},
{
"category": "self",
"summary": "SUSE Bug 1256836",
"url": "https://bugzilla.suse.com/1256836"
},
{
"category": "self",
"summary": "SUSE Bug 1256837",
"url": "https://bugzilla.suse.com/1256837"
},
{
"category": "self",
"summary": "SUSE Bug 1256838",
"url": "https://bugzilla.suse.com/1256838"
},
{
"category": "self",
"summary": "SUSE Bug 1256839",
"url": "https://bugzilla.suse.com/1256839"
},
{
"category": "self",
"summary": "SUSE Bug 1256840",
"url": "https://bugzilla.suse.com/1256840"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22795 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22796 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22796/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2026-01-28T09:37:26Z",
"generator": {
"date": "2026-01-28T09:37:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0310-1",
"initial_release_date": "2026-01-28T09:37:26Z",
"revision_history": [
{
"date": "2026-01-28T09:37:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"product_id": "libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150400.4.78.1.aarch64",
"product": {
"name": "libopenssl3-3.0.8-150400.4.78.1.aarch64",
"product_id": "libopenssl3-3.0.8-150400.4.78.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150400.4.78.1.aarch64",
"product": {
"name": "openssl-3-3.0.8-150400.4.78.1.aarch64",
"product_id": "openssl-3-3.0.8-150400.4.78.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-64bit-3.0.8-150400.4.78.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-devel-64bit-3.0.8-150400.4.78.1.aarch64_ilp32",
"product_id": "libopenssl-3-devel-64bit-3.0.8-150400.4.78.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl3-64bit-3.0.8-150400.4.78.1.aarch64_ilp32",
"product": {
"name": "libopenssl3-64bit-3.0.8-150400.4.78.1.aarch64_ilp32",
"product_id": "libopenssl3-64bit-3.0.8-150400.4.78.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.i586",
"product": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.i586",
"product_id": "libopenssl-3-devel-3.0.8-150400.4.78.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150400.4.78.1.i586",
"product": {
"name": "libopenssl3-3.0.8-150400.4.78.1.i586",
"product_id": "libopenssl3-3.0.8-150400.4.78.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150400.4.78.1.i586",
"product": {
"name": "openssl-3-3.0.8-150400.4.78.1.i586",
"product_id": "openssl-3-3.0.8-150400.4.78.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-doc-3.0.8-150400.4.78.1.noarch",
"product": {
"name": "openssl-3-doc-3.0.8-150400.4.78.1.noarch",
"product_id": "openssl-3-doc-3.0.8-150400.4.78.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"product_id": "libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"product": {
"name": "libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"product_id": "libopenssl3-3.0.8-150400.4.78.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150400.4.78.1.ppc64le",
"product": {
"name": "openssl-3-3.0.8-150400.4.78.1.ppc64le",
"product_id": "openssl-3-3.0.8-150400.4.78.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"product_id": "libopenssl-3-devel-3.0.8-150400.4.78.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150400.4.78.1.s390x",
"product": {
"name": "libopenssl3-3.0.8-150400.4.78.1.s390x",
"product_id": "libopenssl3-3.0.8-150400.4.78.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150400.4.78.1.s390x",
"product": {
"name": "openssl-3-3.0.8-150400.4.78.1.s390x",
"product_id": "openssl-3-3.0.8-150400.4.78.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"product_id": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.8-150400.4.78.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.8-150400.4.78.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.0.8-150400.4.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.8-150400.4.78.1.x86_64",
"product": {
"name": "libopenssl3-3.0.8-150400.4.78.1.x86_64",
"product_id": "libopenssl3-3.0.8-150400.4.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.8-150400.4.78.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.0.8-150400.4.78.1.x86_64",
"product_id": "libopenssl3-32bit-3.0.8-150400.4.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.8-150400.4.78.1.x86_64",
"product": {
"name": "openssl-3-3.0.8-150400.4.78.1.x86_64",
"product_id": "openssl-3-3.0.8-150400.4.78.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.78.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64"
},
"product_reference": "openssl-3-3.0.8-150400.4.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.78.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le"
},
"product_reference": "openssl-3-3.0.8-150400.4.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.78.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x"
},
"product_reference": "openssl-3-3.0.8-150400.4.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "libopenssl3-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.78.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le"
},
"product_reference": "openssl-3-3.0.8-150400.4.78.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.8-150400.4.78.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
},
"product_reference": "openssl-3-3.0.8-150400.4.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:26Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-68160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68160"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68160",
"url": "https://www.suse.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "SUSE Bug 1256834 for CVE-2025-68160",
"url": "https://bugzilla.suse.com/1256834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69418"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69418",
"url": "https://www.suse.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "SUSE Bug 1256835 for CVE-2025-69418",
"url": "https://bugzilla.suse.com/1256835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69419"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69419",
"url": "https://www.suse.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "SUSE Bug 1256836 for CVE-2025-69419",
"url": "https://bugzilla.suse.com/1256836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69420"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69420",
"url": "https://www.suse.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "SUSE Bug 1256837 for CVE-2025-69420",
"url": "https://bugzilla.suse.com/1256837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69421"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69421",
"url": "https://www.suse.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "SUSE Bug 1256838 for CVE-2025-69421",
"url": "https://bugzilla.suse.com/1256838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2026-22795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22795"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22795",
"url": "https://www.suse.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "SUSE Bug 1256839 for CVE-2026-22795",
"url": "https://bugzilla.suse.com/1256839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:26Z",
"details": "moderate"
}
],
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22796"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22796",
"url": "https://www.suse.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "SUSE Bug 1256840 for CVE-2026-22796",
"url": "https://bugzilla.suse.com/1256840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl-3-devel-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libopenssl3-3.0.8-150400.4.78.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:openssl-3-3.0.8-150400.4.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:37:26Z",
"details": "moderate"
}
],
"title": "CVE-2026-22796"
}
]
}
SUSE-SU-2026:0309-1
Vulnerability from csaf_suse - Published: 2026-01-28 09:36 - Updated: 2026-01-28 09:36Summary
Security update for openssl-3
Notes
Title of the patch
Security update for openssl-3
Description of the patch
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
Patchnames
SUSE-2026-309,SUSE-SLE-Module-Basesystem-15-SP7-2026-309
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).\n - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).\n - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).\n - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).\n - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).\n - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).\n - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).\n - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-309,SUSE-SLE-Module-Basesystem-15-SP7-2026-309",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0309-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0309-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260309-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0309-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023936.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256830",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "self",
"summary": "SUSE Bug 1256834",
"url": "https://bugzilla.suse.com/1256834"
},
{
"category": "self",
"summary": "SUSE Bug 1256835",
"url": "https://bugzilla.suse.com/1256835"
},
{
"category": "self",
"summary": "SUSE Bug 1256836",
"url": "https://bugzilla.suse.com/1256836"
},
{
"category": "self",
"summary": "SUSE Bug 1256837",
"url": "https://bugzilla.suse.com/1256837"
},
{
"category": "self",
"summary": "SUSE Bug 1256838",
"url": "https://bugzilla.suse.com/1256838"
},
{
"category": "self",
"summary": "SUSE Bug 1256839",
"url": "https://bugzilla.suse.com/1256839"
},
{
"category": "self",
"summary": "SUSE Bug 1256840",
"url": "https://bugzilla.suse.com/1256840"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22795 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22796 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22796/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2026-01-28T09:36:37Z",
"generator": {
"date": "2026-01-28T09:36:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0309-1",
"initial_release_date": "2026-01-28T09:36:37Z",
"revision_history": [
{
"date": "2026-01-28T09:36:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"product_id": "libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-150700.5.24.1.aarch64",
"product": {
"name": "libopenssl3-3.2.3-150700.5.24.1.aarch64",
"product_id": "libopenssl3-3.2.3-150700.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-150700.5.24.1.aarch64",
"product": {
"name": "openssl-3-3.2.3-150700.5.24.1.aarch64",
"product_id": "openssl-3-3.2.3-150700.5.24.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-64bit-3.2.3-150700.5.24.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-devel-64bit-3.2.3-150700.5.24.1.aarch64_ilp32",
"product_id": "libopenssl-3-devel-64bit-3.2.3-150700.5.24.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.24.1.aarch64_ilp32",
"product": {
"name": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.24.1.aarch64_ilp32",
"product_id": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.24.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl3-64bit-3.2.3-150700.5.24.1.aarch64_ilp32",
"product": {
"name": "libopenssl3-64bit-3.2.3-150700.5.24.1.aarch64_ilp32",
"product_id": "libopenssl3-64bit-3.2.3-150700.5.24.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.i586",
"product": {
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.i586",
"product_id": "libopenssl-3-devel-3.2.3-150700.5.24.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.i586",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.i586",
"product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-150700.5.24.1.i586",
"product": {
"name": "libopenssl3-3.2.3-150700.5.24.1.i586",
"product_id": "libopenssl3-3.2.3-150700.5.24.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-150700.5.24.1.i586",
"product": {
"name": "openssl-3-3.2.3-150700.5.24.1.i586",
"product_id": "openssl-3-3.2.3-150700.5.24.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-doc-3.2.3-150700.5.24.1.noarch",
"product": {
"name": "openssl-3-doc-3.2.3-150700.5.24.1.noarch",
"product_id": "openssl-3-doc-3.2.3-150700.5.24.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"product_id": "libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"product": {
"name": "libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"product_id": "libopenssl3-3.2.3-150700.5.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-150700.5.24.1.ppc64le",
"product": {
"name": "openssl-3-3.2.3-150700.5.24.1.ppc64le",
"product_id": "openssl-3-3.2.3-150700.5.24.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"product_id": "libopenssl-3-devel-3.2.3-150700.5.24.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-150700.5.24.1.s390x",
"product": {
"name": "libopenssl3-3.2.3-150700.5.24.1.s390x",
"product_id": "libopenssl3-3.2.3-150700.5.24.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-150700.5.24.1.s390x",
"product": {
"name": "openssl-3-3.2.3-150700.5.24.1.s390x",
"product_id": "openssl-3-3.2.3-150700.5.24.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"product_id": "libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.2.3-150700.5.24.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.2.3-150700.5.24.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.2.3-150700.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"product_id": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.2.3-150700.5.24.1.x86_64",
"product": {
"name": "libopenssl3-3.2.3-150700.5.24.1.x86_64",
"product_id": "libopenssl3-3.2.3-150700.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"product_id": "libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.2.3-150700.5.24.1.x86_64",
"product": {
"name": "openssl-3-3.2.3-150700.5.24.1.x86_64",
"product_id": "openssl-3-3.2.3-150700.5.24.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-150700.5.24.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64"
},
"product_reference": "libopenssl3-3.2.3-150700.5.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-150700.5.24.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le"
},
"product_reference": "libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-150700.5.24.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x"
},
"product_reference": "libopenssl3-3.2.3-150700.5.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.2.3-150700.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64"
},
"product_reference": "libopenssl3-3.2.3-150700.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-150700.5.24.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64"
},
"product_reference": "openssl-3-3.2.3-150700.5.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-150700.5.24.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le"
},
"product_reference": "openssl-3-3.2.3-150700.5.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-150700.5.24.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x"
},
"product_reference": "openssl-3-3.2.3-150700.5.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.2.3-150700.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
},
"product_reference": "openssl-3-3.2.3-150700.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:36:37Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-68160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68160"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68160",
"url": "https://www.suse.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "SUSE Bug 1256834 for CVE-2025-68160",
"url": "https://bugzilla.suse.com/1256834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:36:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69418"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69418",
"url": "https://www.suse.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "SUSE Bug 1256835 for CVE-2025-69418",
"url": "https://bugzilla.suse.com/1256835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:36:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69419"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69419",
"url": "https://www.suse.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "SUSE Bug 1256836 for CVE-2025-69419",
"url": "https://bugzilla.suse.com/1256836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:36:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69420"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69420",
"url": "https://www.suse.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "SUSE Bug 1256837 for CVE-2025-69420",
"url": "https://bugzilla.suse.com/1256837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:36:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69421"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69421",
"url": "https://www.suse.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "SUSE Bug 1256838 for CVE-2025-69421",
"url": "https://bugzilla.suse.com/1256838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:36:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2026-22795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22795"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22795",
"url": "https://www.suse.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "SUSE Bug 1256839 for CVE-2026-22795",
"url": "https://bugzilla.suse.com/1256839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:36:37Z",
"details": "moderate"
}
],
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22796"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22796",
"url": "https://www.suse.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "SUSE Bug 1256840 for CVE-2026-22796",
"url": "https://bugzilla.suse.com/1256840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T09:36:37Z",
"details": "moderate"
}
],
"title": "CVE-2026-22796"
}
]
}
GHSA-WVHQ-3H88-RF6G
Vulnerability from github – Published: 2026-01-27 18:32 – Updated: 2026-01-29 15:30
VLAI?
Details
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.
When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2025-15467"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T16:16:14Z",
"severity": "CRITICAL"
},
"details": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"id": "GHSA-wvhq-3h88-rf6g",
"modified": "2026-01-29T15:30:27Z",
"published": "2026-01-27T18:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc"
},
{
"type": "WEB",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/01/27/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2026-0234
Vulnerability from csaf_certbund - Published: 2026-01-27 23:00 - Updated: 2026-02-04 23:00Summary
OpenSSL: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff
Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0234 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0234.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0234 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0234"
},
{
"category": "external",
"summary": "OpenSSL Advisory vom 2026-01-27",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1472 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6113 vom 2026-01-27",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00022.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7980-1 vom 2026-01-27",
"url": "https://ubuntu.com/security/notices/USN-7980-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7980-2 vom 2026-01-27",
"url": "https://ubuntu.com/security/notices/USN-7980-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1473 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0311-1 vom 2026-01-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023934.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0310-1 vom 2026-01-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023935.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0309-1 vom 2026-01-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023936.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1503 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1503"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1519 vom 2026-01-29",
"url": "https://access.redhat.com/errata/RHSA-2026:1519"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1496 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1496"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0312-1 vom 2026-01-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023933.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-1473 vom 2026-01-29",
"url": "https://linux.oracle.com/errata/ELSA-2026-1473.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-1472 vom 2026-01-29",
"url": "https://linux.oracle.com/errata/ELSA-2026-1472.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50075 vom 2026-01-29",
"url": "https://linux.oracle.com/errata/ELSA-2026-50075.html"
},
{
"category": "external",
"summary": "Google Cloud Platform Security Bulletin GCP-2026-006 vom 2026-01-29",
"url": "https://docs.cloud.google.com/support/bulletins#gcp-2026-006"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0343-1 vom 2026-01-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023992.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1594 vom 2026-01-29",
"url": "https://access.redhat.com/errata/RHSA-2026:1594"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0333-1 vom 2026-01-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023989.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0332-1 vom 2026-01-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023983.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0331-1 vom 2026-01-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023981.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:1473 vom 2026-01-31",
"url": "https://errata.build.resf.org/RLSA-2026:1473"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50080 vom 2026-01-30",
"url": "https://linux.oracle.com/errata/ELSA-2026-50080.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:1472 vom 2026-01-31",
"url": "https://errata.build.resf.org/RLSA-2026:1472"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0346-1 vom 2026-01-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023997.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50081 vom 2026-01-30",
"url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1736 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0360-1 vom 2026-02-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024012.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1733 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1733"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0359-1 vom 2026-02-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024013.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20152-1 vom 2026-02-03",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KPPEXKBIG3QPIRWWHQNP3EAAUOY3GA5V/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20211-1 vom 2026-02-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024049.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20260204-0005 vom 2026-02-04",
"url": "https://security.netapp.com/advisory/NTAP-20260204-0005"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20260204-0006 vom 2026-02-04",
"url": "https://security.netapp.com/advisory/NTAP-20260204-0006"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20260204-0012 vom 2026-02-04",
"url": "https://security.netapp.com/advisory/NTAP-20260204-0012"
}
],
"source_lang": "en-US",
"title": "OpenSSL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-04T23:00:00.000+00:00",
"generator": {
"date": "2026-02-05T09:40:15.719+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0234",
"initial_release_date": "2026-01-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2026-01-29T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux, Google, SUSE und Red Hat aufgenommen"
},
{
"date": "2026-02-01T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Oracle Linux und SUSE aufgenommen"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2026-02-03T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE und NetApp aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Cloud Platform",
"product": {
"name": "Google Cloud Platform",
"product_id": "393401",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp Data ONTAP",
"product": {
"name": "NetApp Data ONTAP",
"product_id": "7654",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.6.1",
"product": {
"name": "Open Source OpenSSL \u003c3.6.1",
"product_id": "T050360"
}
},
{
"category": "product_version",
"name": "3.6.1",
"product": {
"name": "Open Source OpenSSL 3.6.1",
"product_id": "T050360-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.6.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.5.5",
"product": {
"name": "Open Source OpenSSL \u003c3.5.5",
"product_id": "T050361"
}
},
{
"category": "product_version",
"name": "3.5.5",
"product": {
"name": "Open Source OpenSSL 3.5.5",
"product_id": "T050361-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.5.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.4.4",
"product": {
"name": "Open Source OpenSSL \u003c3.4.4",
"product_id": "T050362"
}
},
{
"category": "product_version",
"name": "3.4.4",
"product": {
"name": "Open Source OpenSSL 3.4.4",
"product_id": "T050362-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.4.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.3.6",
"product": {
"name": "Open Source OpenSSL \u003c3.3.6",
"product_id": "T050363"
}
},
{
"category": "product_version",
"name": "3.3.6",
"product": {
"name": "Open Source OpenSSL 3.3.6",
"product_id": "T050363-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.3.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.0.19",
"product": {
"name": "Open Source OpenSSL \u003c3.0.19",
"product_id": "T050364"
}
},
{
"category": "product_version",
"name": "3.0.19",
"product": {
"name": "Open Source OpenSSL 3.0.19",
"product_id": "T050364-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0.19"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.1.1ze",
"product": {
"name": "Open Source OpenSSL \u003c1.1.1ze",
"product_id": "T050365"
}
},
{
"category": "product_version",
"name": "1.1.1ze",
"product": {
"name": "Open Source OpenSSL 1.1.1ze",
"product_id": "T050365-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.1.1ze"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.0.2zn",
"product": {
"name": "Open Source OpenSSL \u003c1.0.2zn",
"product_id": "T050366"
}
},
{
"category": "product_version",
"name": "1.0.2zn",
"product": {
"name": "Open Source OpenSSL 1.0.2zn",
"product_id": "T050366-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.0.2zn"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-11187"
},
{
"cve": "CVE-2025-15467",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-15468",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-15468"
},
{
"cve": "CVE-2025-15469",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-15469"
},
{
"cve": "CVE-2025-66199",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-66199"
},
{
"cve": "CVE-2025-68160",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2026-22795",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"product_status": {
"known_affected": [
"T050361",
"T050360",
"67646",
"7654",
"T050366",
"393401",
"T004914",
"T050363",
"T032255",
"T050362",
"T050365",
"T050364",
"2951",
"T002207",
"T000126",
"T027843"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-22796"
}
]
}
CERTFR-2026-AVI-0096
Vulnerability from certfr_avis - Published: 2026-01-28 - Updated: 2026-01-28
De multiples vulnérabilités ont été découvertes dans OpenSSL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| OpenSSL | OpenSSL | OpenSSL versions 3.3.x antérieures à 3.3.6 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.6.x antérieures à 3.6.1 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.5.x antérieures à 3.5.5 | ||
| OpenSSL | OpenSSL | OpenSSL versions 1.1.1 antérieures à 1.1.1ze | ||
| OpenSSL | OpenSSL | OpenSSL versions 1.0.2 antérieures à 1.0.2zn | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.0.x antérieures à 3.0.19 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.4.x antérieures à 3.4.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSL versions 3.3.x ant\u00e9rieures \u00e0 3.3.6",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.6.x ant\u00e9rieures \u00e0 3.6.1",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.5.x ant\u00e9rieures \u00e0 3.5.5",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 1.1.1 ant\u00e9rieures \u00e0 1.1.1ze",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 1.0.2 ant\u00e9rieures \u00e0 1.0.2zn",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.0.x ant\u00e9rieures \u00e0 3.0.19",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.4.x ant\u00e9rieures \u00e0 3.4.4",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
}
],
"initial_release_date": "2026-01-28T00:00:00",
"last_revision_date": "2026-01-28T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0096",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
"vendor_advisories": [
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 OpenSSL",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
}
]
}
FKIE_CVE-2025-15467
Vulnerability from fkie_nvd - Published: 2026-01-27 16:16 - Updated: 2026-02-02 18:38
Severity ?
Summary
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously
crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as
AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is
copied into a fixed-size stack buffer without verifying that its length fits
the destination. An attacker can supply a crafted CMS message with an
oversized IV, causing a stack-based out-of-bounds write before any
authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using
AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.
Because the overflow occurs prior to authentication, no valid key material
is required to trigger it. While exploitability to remote code execution
depends on platform and toolchain mitigations, the stack-based write
primitive represents a severe risk.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
References
| URL | Tags | ||
|---|---|---|---|
| openssl-security@openssl.org | https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703 | Patch | |
| openssl-security@openssl.org | https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9 | Patch | |
| openssl-security@openssl.org | https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3 | Patch | |
| openssl-security@openssl.org | https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e | Patch | |
| openssl-security@openssl.org | https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc | Patch | |
| openssl-security@openssl.org | https://openssl-library.org/news/secadv/20260127.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/01/27/10 | Mailing List |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76C5F55-5243-4461-82F5-2FEBFF4D59FA",
"versionEndExcluding": "3.0.19",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5292E9E-6B50-409F-9219-7B0A04047AD8",
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D3DCAE-317D-4DFB-93F0-7A235A229619",
"versionEndExcluding": "3.4.4",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAC7CBE-EC03-4089-938A-0CEEB2E09B62",
"versionEndExcluding": "3.5.5",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68352537-5E99-4F4D-B78A-BCF0353A70A5",
"versionEndExcluding": "3.6.1",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue."
}
],
"id": "CVE-2025-15467",
"lastModified": "2026-02-02T18:38:55.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-27T16:16:14.257",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2026/01/27/10"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "openssl-security@openssl.org",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…