ubuntu-cve-2026-28389
Vulnerability from osv_ubuntu
Published
2026-04-07 00:00
Modified
2026-07-08 20:54
Summary
Details

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.


{
  "affected": [
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "libssl1.0.0",
            "binary_version": "1.0.2g-1ubuntu4.20+esm15"
          },
          {
            "binary_name": "openssl",
            "binary_version": "1.0.2g-1ubuntu4.20+esm15"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:16.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.20+esm15?arch=source\u0026distro=esm-infra/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.2g-1ubuntu4.20+esm15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.2d-0ubuntu1",
        "1.0.2d-0ubuntu2",
        "1.0.2e-1ubuntu1",
        "1.0.2f-2ubuntu1",
        "1.0.2g-1ubuntu2",
        "1.0.2g-1ubuntu3",
        "1.0.2g-1ubuntu4",
        "1.0.2g-1ubuntu4.1",
        "1.0.2g-1ubuntu4.2",
        "1.0.2g-1ubuntu4.4",
        "1.0.2g-1ubuntu4.5",
        "1.0.2g-1ubuntu4.6",
        "1.0.2g-1ubuntu4.8",
        "1.0.2g-1ubuntu4.9",
        "1.0.2g-1ubuntu4.10",
        "1.0.2g-1ubuntu4.11",
        "1.0.2g-1ubuntu4.12",
        "1.0.2g-1ubuntu4.13",
        "1.0.2g-1ubuntu4.14",
        "1.0.2g-1ubuntu4.15",
        "1.0.2g-1ubuntu4.16",
        "1.0.2g-1ubuntu4.17",
        "1.0.2g-1ubuntu4.18",
        "1.0.2g-1ubuntu4.19",
        "1.0.2g-1ubuntu4.20",
        "1.0.2g-1ubuntu4.20+esm1",
        "1.0.2g-1ubuntu4.20+esm2",
        "1.0.2g-1ubuntu4.20+esm3",
        "1.0.2g-1ubuntu4.20+esm4",
        "1.0.2g-1ubuntu4.20+esm5",
        "1.0.2g-1ubuntu4.20+esm6",
        "1.0.2g-1ubuntu4.20+esm7",
        "1.0.2g-1ubuntu4.20+esm9",
        "1.0.2g-1ubuntu4.20+esm10",
        "1.0.2g-1ubuntu4.20+esm11",
        "1.0.2g-1ubuntu4.20+esm12",
        "1.0.2g-1ubuntu4.20+esm13",
        "1.0.2g-1ubuntu4.20+esm14"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "ovmf",
            "binary_version": "0~20160408.ffea0a2c-2ubuntu0.2+esm3"
          },
          {
            "binary_name": "qemu-efi",
            "binary_version": "0~20160408.ffea0a2c-2ubuntu0.2+esm3"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:16.04:LTS",
        "name": "edk2",
        "purl": "pkg:deb/ubuntu/edk2@0~20160408.ffea0a2c-2ubuntu0.2+esm3?arch=source\u0026distro=esm-apps/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0~20150106.5c2d456b-2",
        "0~20160104.c2a892d7-1",
        "0~20160408.ffea0a2c-2",
        "0~20160408.ffea0a2c-2ubuntu0.1",
        "0~20160408.ffea0a2c-2ubuntu0.2",
        "0~20160408.ffea0a2c-2ubuntu0.2+esm1",
        "0~20160408.ffea0a2c-2ubuntu0.2+esm3"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "nodejs",
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm3"
          },
          {
            "binary_name": "nodejs-legacy",
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm3"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:16.04:LTS",
        "name": "nodejs",
        "purl": "pkg:deb/ubuntu/nodejs@4.2.6~dfsg-1ubuntu4.2+esm3?arch=source\u0026distro=esm-apps/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.10.25~dfsg2-2ubuntu1",
        "4.2.2~dfsg-1",
        "4.2.3~dfsg-1",
        "4.2.4~dfsg-1ubuntu1",
        "4.2.4~dfsg-2",
        "4.2.6~dfsg-1ubuntu1",
        "4.2.6~dfsg-1ubuntu4",
        "4.2.6~dfsg-1ubuntu4.1",
        "4.2.6~dfsg-1ubuntu4.2",
        "4.2.6~dfsg-1ubuntu4.2+esm1",
        "4.2.6~dfsg-1ubuntu4.2+esm2",
        "4.2.6~dfsg-1ubuntu4.2+esm3"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "libssl1.0.0",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.15"
          },
          {
            "binary_name": "libssl1.0.0-hmac",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.15"
          },
          {
            "binary_name": "openssl",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.15"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS:16.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.fips.4.20.15?arch=source\u0026distro=fips-updates/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.2g-1ubuntu4.fips.4.20.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.2g-1ubuntu4.fips.4.9.1",
        "1.0.2g-1ubuntu4.fips.4.13.1",
        "1.0.2g-1ubuntu4.fips.4.15.1",
        "1.0.2g-1ubuntu4.fips.4.16.1",
        "1.0.2g-1ubuntu4.fips.4.17.1",
        "1.0.2g-1ubuntu4.fips.4.18.1",
        "1.0.2g-1ubuntu4.fips.4.19.3",
        "1.0.2g-1ubuntu4.fips.4.20.1",
        "1.0.2g-1ubuntu4.fips.4.20.2",
        "1.0.2g-1ubuntu4.fips.4.20.3",
        "1.0.2g-1ubuntu4.fips.4.20.6",
        "1.0.2g-1ubuntu4.fips.4.20.7",
        "1.0.2g-1ubuntu4.fips.4.20.9",
        "1.0.2g-1ubuntu4.fips.4.20.10",
        "1.0.2g-1ubuntu4.fips.4.20.11",
        "1.0.2g-1ubuntu4.fips.4.20.12",
        "1.0.2g-1ubuntu4.fips.4.20.13",
        "1.0.2g-1ubuntu4.fips.4.20.14"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "libssl1.0.0",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.6.3"
          },
          {
            "binary_name": "libssl1.0.0-hmac",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.6.3"
          },
          {
            "binary_name": "openssl",
            "binary_version": "1.0.2g-1ubuntu4.fips.4.6.3"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS:16.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.fips.4.6.3?arch=source\u0026distro=fips/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.2g-1ubuntu4.fips.4.6~ppa1",
        "1.0.2g-1ubuntu4.fips.4.6~ppa2",
        "1.0.2g-1ubuntu4.fips.4.6~ppa3",
        "1.0.2g-1ubuntu4.fips.4.6",
        "1.0.2g-1ubuntu4.fips.4.6.1",
        "1.0.2g-1ubuntu4.fips.4.6.2",
        "1.0.2g-1ubuntu4.fips.4.6.3"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1-1ubuntu2.1~18.04.23+esm8"
          },
          {
            "binary_name": "openssl",
            "binary_version": "1.1.1-1ubuntu2.1~18.04.23+esm8"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.1~18.04.23+esm8?arch=source\u0026distro=esm-infra/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1-1ubuntu2.1~18.04.23+esm8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.2g-1ubuntu13",
        "1.0.2g-1ubuntu14",
        "1.0.2n-1ubuntu1",
        "1.1.0g-2ubuntu1",
        "1.1.0g-2ubuntu2",
        "1.1.0g-2ubuntu3",
        "1.1.0g-2ubuntu4",
        "1.1.0g-2ubuntu4.1",
        "1.1.0g-2ubuntu4.3",
        "1.1.1-1ubuntu2.1~18.04.1",
        "1.1.1-1ubuntu2.1~18.04.2",
        "1.1.1-1ubuntu2.1~18.04.3",
        "1.1.1-1ubuntu2.1~18.04.4",
        "1.1.1-1ubuntu2.1~18.04.5",
        "1.1.1-1ubuntu2.1~18.04.6",
        "1.1.1-1ubuntu2.1~18.04.7",
        "1.1.1-1ubuntu2.1~18.04.8",
        "1.1.1-1ubuntu2.1~18.04.9",
        "1.1.1-1ubuntu2.1~18.04.10",
        "1.1.1-1ubuntu2.1~18.04.13",
        "1.1.1-1ubuntu2.1~18.04.14",
        "1.1.1-1ubuntu2.1~18.04.15",
        "1.1.1-1ubuntu2.1~18.04.17",
        "1.1.1-1ubuntu2.1~18.04.19",
        "1.1.1-1ubuntu2.1~18.04.20",
        "1.1.1-1ubuntu2.1~18.04.21",
        "1.1.1-1ubuntu2.1~18.04.22",
        "1.1.1-1ubuntu2.1~18.04.23",
        "1.1.1-1ubuntu2.1~18.04.23+esm1",
        "1.1.1-1ubuntu2.1~18.04.23+esm3",
        "1.1.1-1ubuntu2.1~18.04.23+esm4",
        "1.1.1-1ubuntu2.1~18.04.23+esm5",
        "1.1.1-1ubuntu2.1~18.04.23+esm6",
        "1.1.1-1ubuntu2.1~18.04.23+esm7"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "libssl1.0.0",
            "binary_version": "1.0.2n-1ubuntu5.13+esm4"
          },
          {
            "binary_name": "openssl1.0",
            "binary_version": "1.0.2n-1ubuntu5.13+esm4"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "openssl1.0",
        "purl": "pkg:deb/ubuntu/openssl1.0@1.0.2n-1ubuntu5.13+esm4?arch=source\u0026distro=esm-infra/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.2n-1ubuntu5.13+esm4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.2n-1ubuntu2",
        "1.0.2n-1ubuntu3",
        "1.0.2n-1ubuntu4",
        "1.0.2n-1ubuntu5",
        "1.0.2n-1ubuntu5.1",
        "1.0.2n-1ubuntu5.2",
        "1.0.2n-1ubuntu5.3",
        "1.0.2n-1ubuntu5.4",
        "1.0.2n-1ubuntu5.5",
        "1.0.2n-1ubuntu5.6",
        "1.0.2n-1ubuntu5.7",
        "1.0.2n-1ubuntu5.8",
        "1.0.2n-1ubuntu5.9",
        "1.0.2n-1ubuntu5.10",
        "1.0.2n-1ubuntu5.11",
        "1.0.2n-1ubuntu5.12",
        "1.0.2n-1ubuntu5.13",
        "1.0.2n-1ubuntu5.13+esm1",
        "1.0.2n-1ubuntu5.13+esm2",
        "1.0.2n-1ubuntu5.13+esm3"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "ovmf",
            "binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2"
          },
          {
            "binary_name": "qemu-efi",
            "binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2"
          },
          {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2"
          },
          {
            "binary_name": "qemu-efi-arm",
            "binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "edk2",
        "purl": "pkg:deb/ubuntu/edk2@0~20180205.c0d9813c-2ubuntu0.3+esm2?arch=source\u0026distro=esm-apps/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0~20170911.5dfba97c-1",
        "0~20171010.234dbcef-1",
        "0~20171027.76fd5a66-1",
        "0~20171205.a9212288-1",
        "0~20180105.0bc94c74-1",
        "0~20180205.c0d9813c-1",
        "0~20180205.c0d9813c-2",
        "0~20180205.c0d9813c-2ubuntu0.1",
        "0~20180205.c0d9813c-2ubuntu0.2",
        "0~20180205.c0d9813c-2ubuntu0.3",
        "0~20180205.c0d9813c-2ubuntu0.3+esm1",
        "0~20180205.c0d9813c-2ubuntu0.3+esm2"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "nodejs",
            "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm6"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "nodejs",
        "purl": "pkg:deb/ubuntu/nodejs@8.10.0~dfsg-2ubuntu0.4+esm6?arch=source\u0026distro=esm-apps/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "6.11.4~dfsg-1ubuntu1",
        "6.11.4~dfsg-1ubuntu2",
        "6.12.0~dfsg-1ubuntu1",
        "6.12.0~dfsg-2ubuntu1",
        "6.12.0~dfsg-2ubuntu2",
        "8.10.0~dfsg-2",
        "8.10.0~dfsg-2ubuntu0.2",
        "8.10.0~dfsg-2ubuntu0.3",
        "8.10.0~dfsg-2ubuntu0.4",
        "8.10.0~dfsg-2ubuntu0.4+esm1",
        "8.10.0~dfsg-2ubuntu0.4+esm2",
        "8.10.0~dfsg-2ubuntu0.4+esm3",
        "8.10.0~dfsg-2ubuntu0.4+esm4",
        "8.10.0~dfsg-2ubuntu0.4+esm5",
        "8.10.0~dfsg-2ubuntu0.4+esm6"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.8"
          },
          {
            "binary_name": "libssl1.1-hmac",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.8"
          },
          {
            "binary_name": "openssl",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.8"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS-updates:18.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.fips.2.1~18.04.23.8?arch=source\u0026distro=fips-updates/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1-1ubuntu2.fips.2.1~18.04.23.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.1.1-1ubuntu2.fips.2.1~18.04.5.1",
        "1.1.1-1ubuntu2.fips.2.1~18.04.6.1",
        "1.1.1-1ubuntu2.fips.2.1~18.04.7.1",
        "1.1.1-1ubuntu2.fips.2.1~18.04.9.1",
        "1.1.1-1ubuntu2.fips.2.1~18.04.9.2",
        "1.1.1-1ubuntu2.fips.2.1~18.04.9.3",
        "1.1.1-1ubuntu2.fips.2.1~18.04.13.2",
        "1.1.1-1ubuntu2.fips.2.1~18.04.15",
        "1.1.1-1ubuntu2.fips.2.1~18.04.15.1",
        "1.1.1-1ubuntu2.fips.2.1~18.04.15.2",
        "1.1.1-1ubuntu2.fips.2.1~18.04.17",
        "1.1.1-1ubuntu2.fips.2.1~18.04.20",
        "1.1.1-1ubuntu2.fips.2.1~18.04.21",
        "1.1.1-1ubuntu2.fips.2.1~18.04.22",
        "1.1.1-1ubuntu2.fips.2.1~18.04.23",
        "1.1.1-1ubuntu2.fips.2.1~18.04.23.3",
        "1.1.1-1ubuntu2.fips.2.1~18.04.23.4",
        "1.1.1-1ubuntu2.fips.2.1~18.04.23.5",
        "1.1.1-1ubuntu2.fips.2.1~18.04.23.6",
        "1.1.1-1ubuntu2.fips.2.1~18.04.23.7"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2"
          },
          {
            "binary_name": "libssl1.1-hmac",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2"
          },
          {
            "binary_name": "openssl",
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS:18.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.fips.2.1~18.04.15.2?arch=source\u0026distro=fips/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.1.1-1ubuntu2.fips.2.1~18.04.3.1",
        "1.1.1-1ubuntu2.fips.2.1~18.04.15.2"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "ovmf",
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.6"
          },
          {
            "binary_name": "qemu-efi",
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.6"
          },
          {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.6"
          },
          {
            "binary_name": "qemu-efi-arm",
            "binary_version": "0~20191122.bd85bf54-2ubuntu3.6"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "edk2",
        "purl": "pkg:deb/ubuntu/edk2@0~20191122.bd85bf54-2ubuntu3.6?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0~20190606.20d2e5a1-2ubuntu1",
        "0~20190828.37eef910-3",
        "0~20190828.37eef910-4",
        "0~20191122.bd85bf54-1",
        "0~20191122.bd85bf54-1ubuntu1",
        "0~20191122.bd85bf54-2",
        "0~20191122.bd85bf54-2ubuntu1",
        "0~20191122.bd85bf54-2ubuntu2",
        "0~20191122.bd85bf54-2ubuntu3",
        "0~20191122.bd85bf54-2ubuntu3.1",
        "0~20191122.bd85bf54-2ubuntu3.2",
        "0~20191122.bd85bf54-2ubuntu3.3",
        "0~20191122.bd85bf54-2ubuntu3.4",
        "0~20191122.bd85bf54-2ubuntu3.5",
        "0~20191122.bd85bf54-2ubuntu3.6"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1f-1ubuntu2.24+esm3"
          },
          {
            "binary_name": "openssl",
            "binary_version": "1.1.1f-1ubuntu2.24+esm3"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:20.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.24+esm3?arch=source\u0026distro=esm-infra/focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1f-1ubuntu2.24+esm3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.1.1c-1ubuntu4",
        "1.1.1d-2ubuntu3",
        "1.1.1d-2ubuntu6",
        "1.1.1f-1ubuntu1",
        "1.1.1f-1ubuntu2",
        "1.1.1f-1ubuntu2.1",
        "1.1.1f-1ubuntu2.2",
        "1.1.1f-1ubuntu2.3",
        "1.1.1f-1ubuntu2.4",
        "1.1.1f-1ubuntu2.5",
        "1.1.1f-1ubuntu2.8",
        "1.1.1f-1ubuntu2.9",
        "1.1.1f-1ubuntu2.10",
        "1.1.1f-1ubuntu2.11",
        "1.1.1f-1ubuntu2.12",
        "1.1.1f-1ubuntu2.13",
        "1.1.1f-1ubuntu2.15",
        "1.1.1f-1ubuntu2.16",
        "1.1.1f-1ubuntu2.17",
        "1.1.1f-1ubuntu2.18",
        "1.1.1f-1ubuntu2.19",
        "1.1.1f-1ubuntu2.20",
        "1.1.1f-1ubuntu2.21",
        "1.1.1f-1ubuntu2.22",
        "1.1.1f-1ubuntu2.23",
        "1.1.1f-1ubuntu2.24",
        "1.1.1f-1ubuntu2.24+esm1",
        "1.1.1f-1ubuntu2.24+esm2"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1f-1ubuntu2.fips.24.3"
          },
          {
            "binary_name": "libssl1.1-hmac",
            "binary_version": "1.1.1f-1ubuntu2.fips.24.3"
          },
          {
            "binary_name": "openssl",
            "binary_version": "1.1.1f-1ubuntu2.fips.24.3"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS-updates:20.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.fips.24.3?arch=source\u0026distro=fips-updates/focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1f-1ubuntu2.fips.24.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.1.1f-1ubuntu2.fips.7",
        "1.1.1f-1ubuntu2.fips.7.2",
        "1.1.1f-1ubuntu2.fips.12",
        "1.1.1f-1ubuntu2.fips.13",
        "1.1.1f-1ubuntu2.fips.13.1",
        "1.1.1f-1ubuntu2.fips.16",
        "1.1.1f-1ubuntu2.fips.17",
        "1.1.1f-1ubuntu2.fips.18",
        "1.1.1f-1ubuntu2.fips.19",
        "1.1.1f-1ubuntu2.fips.20",
        "1.1.1f-1ubuntu2.fips.21",
        "1.1.1f-1ubuntu2.fips.22",
        "1.1.1f-1ubuntu2.fips.24",
        "1.1.1f-1ubuntu2.fips.24.1",
        "1.1.1f-1ubuntu2.fips.24.2"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "libssl1.1",
            "binary_version": "1.1.1f-1ubuntu2.fips.7.1"
          },
          {
            "binary_name": "libssl1.1-hmac",
            "binary_version": "1.1.1f-1ubuntu2.fips.7.1"
          },
          {
            "binary_name": "openssl",
            "binary_version": "1.1.1f-1ubuntu2.fips.7.1"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS:20.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.fips.7.1?arch=source\u0026distro=fips/focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.1.1f-1ubuntu2.fips.2.8",
        "1.1.1f-1ubuntu2.fips.7.1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "ovmf",
            "binary_version": "2022.02-3ubuntu0.22.04.6"
          },
          {
            "binary_name": "ovmf-ia32",
            "binary_version": "2022.02-3ubuntu0.22.04.6"
          },
          {
            "binary_name": "qemu-efi",
            "binary_version": "2022.02-3ubuntu0.22.04.6"
          },
          {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "2022.02-3ubuntu0.22.04.6"
          },
          {
            "binary_name": "qemu-efi-arm",
            "binary_version": "2022.02-3ubuntu0.22.04.6"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "edk2",
        "purl": "pkg:deb/ubuntu/edk2@2022.02-3ubuntu0.22.04.6?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2021.08~rc0-2",
        "2021.08-3",
        "2021.11~rc1-1",
        "2021.11-1",
        "2021.11-2",
        "2022.02~rc1-1",
        "2022.02~rc1-1ubuntu1",
        "2022.02-1",
        "2022.02-2",
        "2022.02-3",
        "2022.02-3ubuntu0.22.04.1",
        "2022.02-3ubuntu0.22.04.2",
        "2022.02-3ubuntu0.22.04.3",
        "2022.02-3ubuntu0.22.04.4",
        "2022.02-3ubuntu0.22.04.5",
        "2022.02-3ubuntu0.22.04.6"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libssl3",
            "binary_version": "3.0.2-0ubuntu1.23"
          },
          {
            "binary_name": "openssl",
            "binary_version": "3.0.2-0ubuntu1.23"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.23?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.2-0ubuntu1.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.1.1l-1ubuntu1",
        "3.0.0-1ubuntu1",
        "3.0.1-0ubuntu1",
        "3.0.2-0ubuntu1",
        "3.0.2-0ubuntu1.1",
        "3.0.2-0ubuntu1.2",
        "3.0.2-0ubuntu1.4",
        "3.0.2-0ubuntu1.5",
        "3.0.2-0ubuntu1.6",
        "3.0.2-0ubuntu1.7",
        "3.0.2-0ubuntu1.8",
        "3.0.2-0ubuntu1.9",
        "3.0.2-0ubuntu1.10",
        "3.0.2-0ubuntu1.12",
        "3.0.2-0ubuntu1.13",
        "3.0.2-0ubuntu1.14",
        "3.0.2-0ubuntu1.15",
        "3.0.2-0ubuntu1.16",
        "3.0.2-0ubuntu1.17",
        "3.0.2-0ubuntu1.18",
        "3.0.2-0ubuntu1.19",
        "3.0.2-0ubuntu1.20",
        "3.0.2-0ubuntu1.21"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "libnode72",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6+esm2"
          },
          {
            "binary_name": "nodejs",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6+esm2"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:22.04:LTS",
        "name": "nodejs",
        "purl": "pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.6+esm2?arch=source\u0026distro=esm-apps/jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "12.22.5~dfsg-5ubuntu1",
        "12.22.7~dfsg-2ubuntu1",
        "12.22.7~dfsg-2ubuntu3",
        "12.22.9~dfsg-1ubuntu2",
        "12.22.9~dfsg-1ubuntu3",
        "12.22.9~dfsg-1ubuntu3.1",
        "12.22.9~dfsg-1ubuntu3.2",
        "12.22.9~dfsg-1ubuntu3.3",
        "12.22.9~dfsg-1ubuntu3.4",
        "12.22.9~dfsg-1ubuntu3.5",
        "12.22.9~dfsg-1ubuntu3.6",
        "12.22.9~dfsg-1ubuntu3.6+esm2"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "libssl3",
            "binary_version": "3.0.2-0ubuntu1.12+Fips1"
          },
          {
            "binary_name": "openssl",
            "binary_version": "3.0.2-0ubuntu1.12+Fips1"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS-preview:22.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.12+Fips1?arch=source\u0026distro=fips-preview/jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.2-0ubuntu1.10+Fips1",
        "3.0.2-0ubuntu1.12+Fips1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "openssl-fips-module-3",
            "binary_version": "3.0.5-0ubuntu0.1+Fips2.1"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS-preview:22.04:LTS",
        "name": "openssl-fips",
        "purl": "pkg:deb/ubuntu/openssl-fips@3.0.5-0ubuntu0.1+Fips2.1?arch=source\u0026distro=fips-preview/jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.5-0ubuntu0.1+Fips2.1"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "libssl3",
            "binary_version": "3.0.2-0ubuntu1.23+Fips1"
          },
          {
            "binary_name": "openssl",
            "binary_version": "3.0.2-0ubuntu1.23+Fips1"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS-updates:22.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.23+Fips1?arch=source\u0026distro=fips-updates/jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.2-0ubuntu1.23+Fips1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.2-0ubuntu1.10+Fips1",
        "3.0.2-0ubuntu1.12+Fips1",
        "3.0.2-0ubuntu1.14+Fips1",
        "3.0.2-0ubuntu1.15+Fips1",
        "3.0.2-0ubuntu1.16+Fips1",
        "3.0.2-0ubuntu1.17+Fips1",
        "3.0.2-0ubuntu1.18+Fips1",
        "3.0.2-0ubuntu1.19+Fips1",
        "3.0.2-0ubuntu1.20+Fips1",
        "3.0.2-0ubuntu1.21+Fips1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "openssl-fips-module-3",
            "binary_version": "3.0.5-0ubuntu0.2+Fips1"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS-updates:22.04:LTS",
        "name": "openssl-fips",
        "purl": "pkg:deb/ubuntu/openssl-fips@3.0.5-0ubuntu0.2+Fips1?arch=source\u0026distro=fips-updates/jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.5-0ubuntu0.1+Fips2.1",
        "3.0.5-0ubuntu0.2+Fips1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "efi-shell-aa64",
            "binary_version": "2024.02-2ubuntu0.9"
          },
          {
            "binary_name": "efi-shell-arm",
            "binary_version": "2024.02-2ubuntu0.9"
          },
          {
            "binary_name": "efi-shell-ia32",
            "binary_version": "2024.02-2ubuntu0.9"
          },
          {
            "binary_name": "efi-shell-riscv64",
            "binary_version": "2024.02-2ubuntu0.9"
          },
          {
            "binary_name": "efi-shell-x64",
            "binary_version": "2024.02-2ubuntu0.9"
          },
          {
            "binary_name": "ovmf",
            "binary_version": "2024.02-2ubuntu0.9"
          },
          {
            "binary_name": "ovmf-ia32",
            "binary_version": "2024.02-2ubuntu0.9"
          },
          {
            "binary_name": "ovmf-legacy",
            "binary_version": "2024.02-2ubuntu0.9"
          },
          {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "2024.02-2ubuntu0.9"
          },
          {
            "binary_name": "qemu-efi-arm",
            "binary_version": "2024.02-2ubuntu0.9"
          },
          {
            "binary_name": "qemu-efi-riscv64",
            "binary_version": "2024.02-2ubuntu0.9"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:24.04:LTS",
        "name": "edk2",
        "purl": "pkg:deb/ubuntu/edk2@2024.02-2ubuntu0.9?arch=source\u0026distro=noble"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2023.05-2",
        "2023.11-2",
        "2023.11-3",
        "2023.11-4",
        "2023.11-5",
        "2023.11-6",
        "2023.11-8",
        "2024.02-1",
        "2024.02-2",
        "2024.02-2ubuntu0.1",
        "2024.02-2ubuntu0.3",
        "2024.02-2ubuntu0.4",
        "2024.02-2ubuntu0.5",
        "2024.02-2ubuntu0.6",
        "2024.02-2ubuntu0.7",
        "2024.02-2ubuntu0.8",
        "2024.02-2ubuntu0.9"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libssl3t64",
            "binary_version": "3.0.13-0ubuntu3.9"
          },
          {
            "binary_name": "openssl",
            "binary_version": "3.0.13-0ubuntu3.9"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:24.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=source\u0026distro=noble"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.13-0ubuntu3.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.10-1ubuntu2",
        "3.0.10-1ubuntu2.1",
        "3.0.10-1ubuntu3",
        "3.0.10-1ubuntu4",
        "3.0.13-0ubuntu2",
        "3.0.13-0ubuntu3",
        "3.0.13-0ubuntu3.1",
        "3.0.13-0ubuntu3.2",
        "3.0.13-0ubuntu3.3",
        "3.0.13-0ubuntu3.4",
        "3.0.13-0ubuntu3.5",
        "3.0.13-0ubuntu3.6",
        "3.0.13-0ubuntu3.7"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "openssl-fips-module-3",
            "binary_version": "3.0.13-0ubuntu3.6+Fips1"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:FIPS-updates:24.04:LTS",
        "name": "openssl-fips",
        "purl": "pkg:deb/ubuntu/openssl-fips@3.0.13-0ubuntu3.6+Fips1?arch=source\u0026distro=fips-updates/noble"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.13-0ubuntu3+Fips1",
        "3.0.13-0ubuntu3.6+Fips1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "efi-shell-aa64",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "efi-shell-arm",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "efi-shell-ia32",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "efi-shell-loongarch64",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "efi-shell-riscv64",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "efi-shell-x64",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "ovmf",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "ovmf-ia32",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "ovmf-inteltdx",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "ovmf-legacy",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "qemu-efi-arm",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "qemu-efi-loongarch64",
            "binary_version": "2025.02-8ubuntu3.2"
          },
          {
            "binary_name": "qemu-efi-riscv64",
            "binary_version": "2025.02-8ubuntu3.2"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:25.10",
        "name": "edk2",
        "purl": "pkg:deb/ubuntu/edk2@2025.02-8ubuntu3.2?arch=source\u0026distro=questing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2025.02-3ubuntu2",
        "2025.02-8",
        "2025.02-8ubuntu1",
        "2025.02-8ubuntu2",
        "2025.02-8ubuntu3",
        "2025.02-8ubuntu3.1",
        "2025.02-8ubuntu3.2"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libssl3t64",
            "binary_version": "3.5.3-1ubuntu3.3"
          },
          {
            "binary_name": "openssl",
            "binary_version": "3.5.3-1ubuntu3.3"
          },
          {
            "binary_name": "openssl-provider-legacy",
            "binary_version": "3.5.3-1ubuntu3.3"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:25.10",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@3.5.3-1ubuntu3.3?arch=source\u0026distro=questing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.5.3-1ubuntu3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.4.1-1ubuntu3",
        "3.5.0-2ubuntu1",
        "3.5.2-1ubuntu1",
        "3.5.3-1ubuntu2",
        "3.5.3-1ubuntu3"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "efi-shell-aa64",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "efi-shell-loongarch64",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "efi-shell-riscv64",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "efi-shell-x64",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "ovmf",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "ovmf-amdsev",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "ovmf-generic",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "ovmf-inteltdx",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "ovmf-legacy",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "qemu-efi-aarch64",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "qemu-efi-loongarch64",
            "binary_version": "2025.11-3ubuntu7"
          },
          {
            "binary_name": "qemu-efi-riscv64",
            "binary_version": "2025.11-3ubuntu7"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:26.04:LTS",
        "name": "edk2",
        "purl": "pkg:deb/ubuntu/edk2@2025.11-3ubuntu7?arch=source\u0026distro=resolute"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2025.02-8ubuntu3",
        "2025.11-3ubuntu6",
        "2025.11-3ubuntu7"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libssl3t64",
            "binary_version": "3.5.5-1ubuntu3"
          },
          {
            "binary_name": "openssl",
            "binary_version": "3.5.5-1ubuntu3"
          },
          {
            "binary_name": "openssl-provider-legacy",
            "binary_version": "3.5.5-1ubuntu3"
          }
        ],
        "priority_reason": "OpenSSL developers have rated this issue as being low severity"
      },
      "package": {
        "ecosystem": "Ubuntu:26.04:LTS",
        "name": "openssl",
        "purl": "pkg:deb/ubuntu/openssl@3.5.5-1ubuntu3?arch=source\u0026distro=resolute"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.5.5-1ubuntu3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.5.3-1ubuntu2",
        "3.5.5-1ubuntu1"
      ]
    }
  ],
  "aliases": [],
  "details": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
  "id": "UBUNTU-CVE-2026-28389",
  "modified": "2026-07-08T20:54:00Z",
  "published": "2026-04-07T00:00:00Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-28389"
    },
    {
      "type": "REPORT",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
    },
    {
      "type": "REPORT",
      "url": "https://www.openwall.com/lists/oss-security/2026/04/07/11"
    },
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-8155-1"
    },
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-8155-2"
    }
  ],
  "related": [
    "USN-8155-1",
    "USN-8155-2"
  ],
  "schema_version": "1.7.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "low",
      "type": "Ubuntu"
    }
  ],
  "upstream": [
    "CVE-2026-28389"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…