The most serious issue, CVE-2025-15467, hits CMS AuthEnvelopedData parsing with AEAD ciphers like AES-GCM. Attackers craft oversized IVs in ASN.1 parameters, causing stack overflows before authentication checks. This leads to crashes or potential remote code execution on apps handling untrusted CMS or PKCS#7 data, such as S/MIME.
Apps parsing remote CMS content face high risk since no key is needed to trigger the overflow. Exploitability depends on platform defenses like ASLR, but the stack write primitive poses severe danger. OpenSSL rated it High severity.
CVE-2025-11187 involves improper PBMAC1 validation in PKCS#12 files, leading to stack overflows or null dereferences in versions 3.6 to 3.4. Malicious files trigger buffer overflows during key derivation if keylength exceeds 64 bytes.
Several low-severity issues like CVE-2025-69419, CVE-2025-69421, and CVE-2026-22795 also hit PKCS#12 handling, causing out-of-bounds writes or null derefs.
| CVE ID | Severity | Brief Impact | Affected Versions | Patched Versions |
|---|---|---|---|---|
| CVE-2025-11187 | Moderate | Stack overflow in PKCS#12 MAC | 3.6, 3.5, 3.4 | 3.6.1, 3.5.5, 3.4.4 |
| CVE-2025-15467 | High | Stack overflow in CMS parsing | 3.6-3.0 | 3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19 |
| CVE-2025-15468 | Low | Null deref in QUIC cipher lookup | 3.6, 3.5, 3.4, 3.3 | 3.6.1, 3.5.5, 3.4.4, 3.3.6 |
| CVE-2025-15469 | Low | dgst tool truncates large inputs | 3.6, 3.5 | 3.6.1, 3.5.5 |
| CVE-2025-66199 | Low | TLS 1.3 cert compression DoS | 3.6, 3.5, 3.4, 3.3 | 3.6.1, 3.5.5, 3.4.4, 3.3.6 |
| CVE-2025-68160 | Low | Heap OOB write in BIO linebuffer | 3.6-3.0, 1.1.1, 1.0.2 | 3.6.1-3.0.19, 1.1.1ze, 1.0.2zn |
| CVE-2025-69418 | Low | OCB tail bytes unencrypted | 3.6-3.0, 1.1.1 | 3.6.1-3.0.19, 1.1.1ze |
| CVE-2025-69419 | Low | OOB write in PKCS12 friendlyname | 3.6-3.0, 1.1.1 | 3.6.1-3.0.19, 1.1.1ze |
| CVE-2025-69420 | Low | Null deref in timestamp verify | 3.6-3.0, 1.1.1 | 3.6.1-3.0.19, 1.1.1ze |
| CVE-2025-69421 | Low | Null deref in PKCS12 decrypt | 3.6-3.0, 1.1.1, 1.0.2 | 3.6.1-3.0.19, 1.1.1ze, 1.0.2zn |
| CVE-2026-22795 | Low | Type confusion in PKCS#12 | 3.6-3.0, 1.1.1 | 3.6.1-3.0.19, 1.1.1ze |
| CVE-2026-22796 | Low | Type confusion in PKCS7 digest | 3.6-3.0, 1.1.1, 1.0.2 | 3.6.1-3.0.19, 1.1.1ze, 1.0.2zn |
These hit parsing untrusted PKCS#12, PKCS#7, timestamps, or niche APIs. Most need crafted inputs, limiting remote exploits to specific setups, reads the advisory.
Vulnerabilities span OpenSSL 3.6 to 1.0.2, excluding older branches without features like PBMAC1 or QUIC. FIPS modules stay safe as the affected code sits outside boundaries.
Aisle Research found nearly all flaws, with Stanislav Fort reporting the most. Others credit Luigino Camastra, Petr Šimeček, Tomas Dulka, and Hamza (Metadust). Fixes by Tomas Mraz, Igor Ustinov, etc.
Upgrade immediately: 3.6.1, 3.5.5, etc. Avoid untrusted PKCS#12/CMS inputs; validate file sizes. For TLS 1.3 compression, set SSL_OP_NO_RX_CERTIFICATE_COMPRESSION. Servers parsing S/MIME or timestamps should patch first due to remote risks.
OpenSSL powers web servers, VPNs, and crypto tools worldwide. Quick updates prevent DoS or worse in production. Check dependencies via package managers.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code appeared first on Cyber Security News.
Konami UK has officially revealed a brand new Steelbook for the upcoming Metal Gear Solid…
It's getting harder every year to fully crack Denuvo, but it's still not impossible, and…
We’re still talking about Skyrim in 2026. While Bethesda continues (or maybe even starts) to…
Anyone remember the 2017 Power Rangers movie? Well, in case you forgot about that one,…
After a long period of being out of stock online, the Resident Evil Generation Pack…
Remote, the leading global employment operating system, announced the acquisition of Bravas. Bravas, headquartered in…
This website uses cookies.