Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-15468 (GCVE-0-2025-15468)
Vulnerability from cvelistv5 – Published: 2026-01-27 16:01 – Updated: 2026-01-27 16:01
VLAI?
EPSS
Title
NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
Summary
Issue summary: If an application using the SSL_CIPHER_find() function in
a QUIC protocol client or server receives an unknown cipher suite from
the peer, a NULL dereference occurs.
Impact summary: A NULL pointer dereference leads to abnormal termination of
the running process causing Denial of Service.
Some applications call SSL_CIPHER_find() from the client_hello_cb callback
on the cipher ID received from the peer. If this is done with an SSL object
implementing the QUIC protocol, NULL pointer dereference will happen if
the examined cipher ID is unknown or unsupported.
As it is not very common to call this function in applications using the QUIC
protocol and the worst outcome is Denial of Service, the issue was assessed
as Low severity.
The vulnerable code was introduced in the 3.2 version with the addition
of the QUIC protocol support.
The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,
as the QUIC implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.
OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
Stanislav Fort (Aisle Research)
Stanislav Fort (Aisle Research)
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.1",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.4",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stanislav Fort (Aisle Research)"
}
],
"datePublic": "2026-01-27T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: If an application using the SSL_CIPHER_find() function in\u003cbr\u003ea QUIC protocol client or server receives an unknown cipher suite from\u003cbr\u003ethe peer, a NULL dereference occurs.\u003cbr\u003e\u003cbr\u003eImpact summary: A NULL pointer dereference leads to abnormal termination of\u003cbr\u003ethe running process causing Denial of Service.\u003cbr\u003e\u003cbr\u003eSome applications call SSL_CIPHER_find() from the client_hello_cb callback\u003cbr\u003eon the cipher ID received from the peer. If this is done with an SSL object\u003cbr\u003eimplementing the QUIC protocol, NULL pointer dereference will happen if\u003cbr\u003ethe examined cipher ID is unknown or unsupported.\u003cbr\u003e\u003cbr\u003eAs it is not very common to call this function in applications using the QUIC \u003cbr\u003eprotocol and the worst outcome is Denial of Service, the issue was assessed\u003cbr\u003eas Low severity.\u003cbr\u003e\u003cbr\u003eThe vulnerable code was introduced in the 3.2 version with the addition\u003cbr\u003eof the QUIC protocol support.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\u003cbr\u003eas the QUIC implementation is outside the OpenSSL FIPS module boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue."
}
],
"value": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T16:01:20.824Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"name": "3.6.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4"
},
{
"name": "3.5.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65"
},
{
"name": "3.4.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2"
},
{
"name": "3.3.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL dereference in SSL_CIPHER_find() function on unknown cipher ID",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-15468",
"datePublished": "2026-01-27T16:01:20.824Z",
"dateReserved": "2026-01-06T09:27:08.013Z",
"dateUpdated": "2026-01-27T16:01:20.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-15468\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2026-01-27T16:16:14.400\",\"lastModified\":\"2026-01-27T16:16:14.400\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: If an application using the SSL_CIPHER_find() function in\\na QUIC protocol client or server receives an unknown cipher suite from\\nthe peer, a NULL dereference occurs.\\n\\nImpact summary: A NULL pointer dereference leads to abnormal termination of\\nthe running process causing Denial of Service.\\n\\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\\non the cipher ID received from the peer. If this is done with an SSL object\\nimplementing the QUIC protocol, NULL pointer dereference will happen if\\nthe examined cipher ID is unknown or unsupported.\\n\\nAs it is not very common to call this function in applications using the QUIC \\nprotocol and the worst outcome is Denial of Service, the issue was assessed\\nas Low severity.\\n\\nThe vulnerable code was introduced in the 3.2 version with the addition\\nof the QUIC protocol support.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\\n\\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\\n\\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.\"}],\"metrics\":{},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://openssl-library.org/news/secadv/20260127.txt\",\"source\":\"openssl-security@openssl.org\"}]}}"
}
}
FKIE_CVE-2025-15468
Vulnerability from fkie_nvd - Published: 2026-01-27 16:16 - Updated: 2026-01-27 16:16
Severity ?
Summary
Issue summary: If an application using the SSL_CIPHER_find() function in
a QUIC protocol client or server receives an unknown cipher suite from
the peer, a NULL dereference occurs.
Impact summary: A NULL pointer dereference leads to abnormal termination of
the running process causing Denial of Service.
Some applications call SSL_CIPHER_find() from the client_hello_cb callback
on the cipher ID received from the peer. If this is done with an SSL object
implementing the QUIC protocol, NULL pointer dereference will happen if
the examined cipher ID is unknown or unsupported.
As it is not very common to call this function in applications using the QUIC
protocol and the worst outcome is Denial of Service, the issue was assessed
as Low severity.
The vulnerable code was introduced in the 3.2 version with the addition
of the QUIC protocol support.
The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,
as the QUIC implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.
OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue."
}
],
"id": "CVE-2025-15468",
"lastModified": "2026-01-27T16:16:14.400",
"metrics": {},
"published": "2026-01-27T16:16:14.400",
"references": [
{
"source": "openssl-security@openssl.org",
"url": "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65"
},
{
"source": "openssl-security@openssl.org",
"url": "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2"
},
{
"source": "openssl-security@openssl.org",
"url": "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4"
},
{
"source": "openssl-security@openssl.org",
"url": "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7"
},
{
"source": "openssl-security@openssl.org",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Received",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "openssl-security@openssl.org",
"type": "Secondary"
}
]
}
CERTFR-2026-AVI-0096
Vulnerability from certfr_avis - Published: 2026-01-28 - Updated: 2026-01-28
De multiples vulnérabilités ont été découvertes dans OpenSSL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| OpenSSL | OpenSSL | OpenSSL versions 3.3.x antérieures à 3.3.6 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.6.x antérieures à 3.6.1 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.5.x antérieures à 3.5.5 | ||
| OpenSSL | OpenSSL | OpenSSL versions 1.1.1 antérieures à 1.1.1ze | ||
| OpenSSL | OpenSSL | OpenSSL versions 1.0.2 antérieures à 1.0.2zn | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.0.x antérieures à 3.0.19 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.4.x antérieures à 3.4.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSL versions 3.3.x ant\u00e9rieures \u00e0 3.3.6",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.6.x ant\u00e9rieures \u00e0 3.6.1",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.5.x ant\u00e9rieures \u00e0 3.5.5",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 1.1.1 ant\u00e9rieures \u00e0 1.1.1ze",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 1.0.2 ant\u00e9rieures \u00e0 1.0.2zn",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.0.x ant\u00e9rieures \u00e0 3.0.19",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.4.x ant\u00e9rieures \u00e0 3.4.4",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
}
],
"initial_release_date": "2026-01-28T00:00:00",
"last_revision_date": "2026-01-28T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0096",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
"vendor_advisories": [
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 OpenSSL",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
}
]
}
RHSA-2026:1472
Vulnerability from csaf_redhat - Published: 2026-01-28 09:06 - Updated: 2026-01-28 20:25Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)
* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)
* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)
* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)
* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)
* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)
* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)
* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)\n\n* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)\n\n* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)\n\n* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)\n\n* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\n* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)\n\n* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)\n\n* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)\n\n* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1472",
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1472.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-01-28T20:25:59+00:00",
"generator": {
"date": "2026-01-28T20:25:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2026:1472",
"initial_release_date": "2026-01-28T09:06:06+00:00",
"revision_history": [
{
"date": "2026-01-28T09:06:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T09:06:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-28T20:25:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"product": {
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"product_id": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el10_1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el10_1.src",
"product": {
"name": "openssl-1:3.5.1-7.el10_1.src",
"product_id": "openssl-1:3.5.1-7.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el10_1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.src",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"cwe": {
"id": "CWE-233",
"name": "Improper Handling of Parameters"
},
"discovery_date": "2026-01-16T14:21:50.559000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430375"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. It affects OpenSSL versions 3.6, 3.5, and 3.4, where improper validation of PBMAC1 parameters in PKCS#12 MAC verification can lead to a stack buffer overflow or NULL pointer dereference. Exploitation requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files are typically trusted. OpenSSL versions 3.3, 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "RHBZ#2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted PKCS#12 files. Applications should only handle PKCS#12 files from trusted sources, as these files are typically used for storing private keys and are expected to be secure.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-15468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:51.062000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430377"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The NULL pointer dereference in the `SSL_CIPHER_find()` function, affecting OpenSSL versions 3.3, 3.4, 3.5, and 3.6, occurs only when applications utilizing the QUIC protocol uncommonly invoke this function from the `client_hello_cb` callback with an unknown cipher ID. This specific usage pattern and the resulting Denial of Service limit the overall impact in the Red Hat context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "RHBZ#2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling"
},
{
"cve": "CVE-2025-15469",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-16T14:21:51.411000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The flaw affects the `openssl dgst` command-line tool when used with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) on files larger than 16MB. Impact is limited as it requires both signing and verification to be performed using the affected command, and verifiers using library APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "RHBZ#2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `openssl dgst` command with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) for files larger than 16MB. Instead, utilize streaming digest algorithms with `openssl dgst` or use library APIs for signing and verification, as these are not affected by the truncation vulnerability. Users should ensure that input files for one-shot signing/verification with `openssl dgst` do not exceed 16MB.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation"
},
{
"cve": "CVE-2025-66199",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T14:21:51.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in OpenSSL 3.3, 3.4, 3.5, and 3.6 allows an attacker to cause excessive memory allocation during TLS 1.3 handshake with certificate compression, potentially leading to a Denial of Service. This affects both clients and servers in mutual TLS scenarios where certificate compression is negotiated. Servers not requesting client certificates are not vulnerable to client-initiated attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "RHBZ#2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the reception of compressed certificates by setting the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option in OpenSSL configurations. This will prevent the vulnerable code path from being exercised.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression"
},
{
"cve": "CVE-2025-68160",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-01-16T14:21:52.088000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430380"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The `BIO_f_linebuffer` filter, where this heap out-of-bounds write occurs, is not used by default in TLS/SSL data paths within Red Hat products. Exploitation requires third-party applications to explicitly use this filter with a BIO chain that can short-write and process large, newline-free data influenced by an attacker, which is an unlikely scenario under attacker control. Red Hat FIPS modules are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "RHBZ#2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter"
},
{
"cve": "CVE-2025-69418",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-16T14:21:52.438000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, impact is limited because typical OpenSSL consumers using higher-level EVP APIs are not affected. The flaw only manifests when applications directly call low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in hardware-accelerated builds. Additionally, TLS does not use OCB ciphersuites, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "RHBZ#2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
},
{
"cve": "CVE-2025-69420",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.497000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the TimeStamp Response verification code can lead to a Denial of Service when processing a specially crafted TimeStamp Response. Exploitation requires an application to call `TS_RESP_verify_response()` with a malformed response, and the TimeStamp protocol (RFC 3161) is not widely used. Red Hat FIPS modules are not affected as the TimeStamp Response implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "RHBZ#2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response"
},
{
"cve": "CVE-2025-69421",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:53.845000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat because it requires an application to process a specially crafted, malformed PKCS#12 file, leading to a Denial of Service. The vulnerability is limited to a crash and cannot be escalated to achieve code execution or memory disclosure. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "RHBZ#2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing"
},
{
"cve": "CVE-2026-22795",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.146000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430389"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. An application processing a maliciously crafted PKCS#12 file can be caused to dereference an invalid or NULL pointer, resulting in a Denial of Service. In the Red Hat context, impact is limited as PKCS#12 files are typically used for trusted private keys and are not commonly accepted from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "RHBZ#2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing"
},
{
"cve": "CVE-2026-22796",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-16T14:43:21.598000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the legacy PKCS#7 API can lead to a Denial of Service when processing specially crafted PKCS#7 data. Exploitation requires an application to perform signature verification of malformed PKCS#7 data. Red Hat products utilizing the FIPS module are not affected as the PKCS#7 parsing is outside the module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "RHBZ#2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T09:06:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"AppStream-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"AppStream-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.src",
"BaseOS-10.1.Z:openssl-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-debugsource-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-devel-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-libs-debuginfo-1:3.5.1-7.el10_1.x86_64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.aarch64",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.ppc64le",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.s390x",
"BaseOS-10.1.Z:openssl-perl-1:3.5.1-7.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification"
}
]
}
RHSA-2026:1473
Vulnerability from csaf_redhat - Published: 2026-01-28 10:08 - Updated: 2026-01-28 20:25Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)
* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)
* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)
* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)
* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)
* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)
* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)
* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)\n\n* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)\n\n* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)\n\n* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)\n\n* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\n* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)\n\n* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)\n\n* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)\n\n* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1473",
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1473.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-01-28T20:25:59+00:00",
"generator": {
"date": "2026-01-28T20:25:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2026:1473",
"initial_release_date": "2026-01-28T10:08:56+00:00",
"revision_history": [
{
"date": "2026-01-28T10:08:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T10:08:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-28T20:25:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.i686",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.i686",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"product": {
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"product_id": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.5.1-7.el9_7.src",
"product": {
"name": "openssl-1:3.5.1-7.el9_7.src",
"product_id": "openssl-1:3.5.1-7.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.src",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-devel-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.5.1-7.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
},
"product_reference": "openssl-perl-1:3.5.1-7.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"cwe": {
"id": "CWE-233",
"name": "Improper Handling of Parameters"
},
"discovery_date": "2026-01-16T14:21:50.559000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430375"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. It affects OpenSSL versions 3.6, 3.5, and 3.4, where improper validation of PBMAC1 parameters in PKCS#12 MAC verification can lead to a stack buffer overflow or NULL pointer dereference. Exploitation requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files are typically trusted. OpenSSL versions 3.3, 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "RHBZ#2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted PKCS#12 files. Applications should only handle PKCS#12 files from trusted sources, as these files are typically used for storing private keys and are expected to be secure.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-15468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:51.062000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430377"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The NULL pointer dereference in the `SSL_CIPHER_find()` function, affecting OpenSSL versions 3.3, 3.4, 3.5, and 3.6, occurs only when applications utilizing the QUIC protocol uncommonly invoke this function from the `client_hello_cb` callback with an unknown cipher ID. This specific usage pattern and the resulting Denial of Service limit the overall impact in the Red Hat context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "RHBZ#2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling"
},
{
"cve": "CVE-2025-15469",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-16T14:21:51.411000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The flaw affects the `openssl dgst` command-line tool when used with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) on files larger than 16MB. Impact is limited as it requires both signing and verification to be performed using the affected command, and verifiers using library APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "RHBZ#2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `openssl dgst` command with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) for files larger than 16MB. Instead, utilize streaming digest algorithms with `openssl dgst` or use library APIs for signing and verification, as these are not affected by the truncation vulnerability. Users should ensure that input files for one-shot signing/verification with `openssl dgst` do not exceed 16MB.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation"
},
{
"cve": "CVE-2025-66199",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T14:21:51.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in OpenSSL 3.3, 3.4, 3.5, and 3.6 allows an attacker to cause excessive memory allocation during TLS 1.3 handshake with certificate compression, potentially leading to a Denial of Service. This affects both clients and servers in mutual TLS scenarios where certificate compression is negotiated. Servers not requesting client certificates are not vulnerable to client-initiated attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "RHBZ#2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the reception of compressed certificates by setting the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option in OpenSSL configurations. This will prevent the vulnerable code path from being exercised.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression"
},
{
"cve": "CVE-2025-68160",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-01-16T14:21:52.088000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430380"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The `BIO_f_linebuffer` filter, where this heap out-of-bounds write occurs, is not used by default in TLS/SSL data paths within Red Hat products. Exploitation requires third-party applications to explicitly use this filter with a BIO chain that can short-write and process large, newline-free data influenced by an attacker, which is an unlikely scenario under attacker control. Red Hat FIPS modules are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "RHBZ#2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter"
},
{
"cve": "CVE-2025-69418",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-16T14:21:52.438000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, impact is limited because typical OpenSSL consumers using higher-level EVP APIs are not affected. The flaw only manifests when applications directly call low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in hardware-accelerated builds. Additionally, TLS does not use OCB ciphersuites, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "RHBZ#2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
},
{
"cve": "CVE-2025-69420",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.497000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the TimeStamp Response verification code can lead to a Denial of Service when processing a specially crafted TimeStamp Response. Exploitation requires an application to call `TS_RESP_verify_response()` with a malformed response, and the TimeStamp protocol (RFC 3161) is not widely used. Red Hat FIPS modules are not affected as the TimeStamp Response implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "RHBZ#2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response"
},
{
"cve": "CVE-2025-69421",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:53.845000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat because it requires an application to process a specially crafted, malformed PKCS#12 file, leading to a Denial of Service. The vulnerability is limited to a crash and cannot be escalated to achieve code execution or memory disclosure. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "RHBZ#2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing"
},
{
"cve": "CVE-2026-22795",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.146000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430389"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. An application processing a maliciously crafted PKCS#12 file can be caused to dereference an invalid or NULL pointer, resulting in a Denial of Service. In the Red Hat context, impact is limited as PKCS#12 files are typically used for trusted private keys and are not commonly accepted from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "RHBZ#2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing"
},
{
"cve": "CVE-2026-22796",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-16T14:43:21.598000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the legacy PKCS#7 API can lead to a Denial of Service when processing specially crafted PKCS#7 data. Exploitation requires an application to perform signature verification of malformed PKCS#7 data. Red Hat products utilizing the FIPS module are not affected as the PKCS#7 parsing is outside the module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "RHBZ#2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T10:08:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"AppStream-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:openssl-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-debugsource-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-devel-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-libs-debuginfo-1:3.5.1-7.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:openssl-perl-1:3.5.1-7.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification"
}
]
}
GHSA-RHX3-FG8P-F9M4
Vulnerability from github – Published: 2026-01-27 18:32 – Updated: 2026-01-27 18:32
VLAI?
Details
Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.
Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.
Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.
As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.
The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.
The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.
OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.
{
"affected": [],
"aliases": [
"CVE-2025-15468"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T16:16:14Z",
"severity": null
},
"details": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"id": "GHSA-rhx3-fg8p-f9m4",
"modified": "2026-01-27T18:32:15Z",
"published": "2026-01-27T18:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7"
},
{
"type": "WEB",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…