Vulnerabilities

64 via 64 paths

Dependencies

116

Source

Docker

Target OS

oracle:9
Severity
  • 31
  • 33
Status
  • 64
  • 0
  • 0

high severity

Buffer Overflow

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.3.ksplice1.el9

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-41.0.3.ksplice1.el9 or higher.
This issue was patched in ELSA-2022-9968.

high severity

CVE-2023-5363

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.7-25.0.1.ksplice1.el9_3

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.

Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes.

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse.

Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical.

Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary.

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.7-25.0.1.ksplice1.el9_3 or higher.
This issue was patched in ELSA-2024-12093.

high severity
new

CVE-2025-69421

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.

Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files.

The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure.

Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

high severity

Out-of-bounds Write

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.3.ksplice1.el9

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-41.0.3.ksplice1.el9 or higher.
This issue was patched in ELSA-2022-9968.

high severity

Buffer Overflow

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.3.ksplice1.el9

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-41.0.3.ksplice1.el9 or higher.
This issue was patched in ELSA-2022-9968.

high severity

CVE-2023-5363

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.7-25.0.1.ksplice1.el9_3

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.

Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes.

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse.

Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical.

Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary.

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.7-25.0.1.ksplice1.el9_3 or higher.
This issue was patched in ELSA-2024-12093.

high severity
new

CVE-2025-69421

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.

Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files.

The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure.

Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

high severity

Out-of-bounds Write

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.3.ksplice1.el9

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-41.0.3.ksplice1.el9 or higher.
This issue was patched in ELSA-2022-9968.

high severity
new

Resource Exhaustion

  • Vulnerable module: libbrotli
  • Introduced through: libbrotli@1.0.9-7.el9_5
  • Fixed in: 0:1.0.9-9.el9_7

Detailed paths

  • Introduced through: mysql@latest libbrotli@1.0.9-7.el9_5

NVD Description

Note: Versions mentioned in the description apply only to the upstream libbrotli package and not the libbrotli package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.

Remediation

Upgrade Oracle:9 libbrotli to version 0:1.0.9-9.el9_7 or higher.
This issue was patched in ELSA-2026-2042.

high severity
new

CVE-2025-11187

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.

Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations.

When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference.

Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity.

The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.

OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

high severity
new

CVE-2025-15467

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.

Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.

When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.

Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

high severity
new

CVE-2025-15468

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.

Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.

Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.

As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.

The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.

The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.

OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

high severity
new

CVE-2025-15469

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error.

Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated.

When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath.

The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected.

The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary.

OpenSSL 3.5 and 3.6 are vulnerable to this issue.

OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

high severity
new

CVE-2025-66199

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit.

Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service).

In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs.

This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks.

Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates.

The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.

OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

high severity
new

CVE-2025-68160

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.

Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.

The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

high severity
new

CVE-2025-69418

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in cleartext on encryption and are not covered by the authentication tag, allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated stream path process full 16-byte blocks but do not advance the input/output pointers. The subsequent tail-handling code then operates on the original base pointers, effectively reprocessing the beginning of the buffer while leaving the actual trailing bytes unprocessed. The authentication checksum also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the higher-level EVP and provider OCB implementations split inputs so that full blocks and trailing partial blocks are processed in separate calls, avoiding the problematic code path. Additionally, TLS does not use OCB ciphersuites. The vulnerability only affects applications that call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with non-block-aligned lengths in a single call on hardware-accelerated builds. For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

high severity
new

CVE-2025-69419

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.

Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.

The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.

The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2025-69420

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.

Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.

The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.

Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2026-22795

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.

Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service.

A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read.

The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity.

The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2026-22796

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data.

Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.

The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.

Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2025-11187

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.

Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations.

When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference.

Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity.

The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.

OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2025-15467

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.

Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.

When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.

Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2025-15468

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.

Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.

Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.

As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.

The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.

The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.

OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2025-15469

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error.

Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated.

When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath.

The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected.

The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary.

OpenSSL 3.5 and 3.6 are vulnerable to this issue.

OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2025-66199

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit.

Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service).

In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs.

This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks.

Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates.

The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.

OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2025-68160

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.

Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.

The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2025-69418

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in cleartext on encryption and are not covered by the authentication tag, allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated stream path process full 16-byte blocks but do not advance the input/output pointers. The subsequent tail-handling code then operates on the original base pointers, effectively reprocessing the beginning of the buffer while leaving the actual trailing bytes unprocessed. The authentication checksum also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the higher-level EVP and provider OCB implementations split inputs so that full blocks and trailing partial blocks are processed in separate calls, avoiding the problematic code path. Additionally, TLS does not use OCB ciphersuites. The vulnerability only affects applications that call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with non-block-aligned lengths in a single call on hardware-accelerated builds. For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2025-69419

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.

Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.

The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.

The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2025-69420

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.

Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.

The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.

Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2026-22795

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.

Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service.

A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read.

The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity.

The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

high severity
new

CVE-2026-22796

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-7.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data.

Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.

The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.

Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-7.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2026-50080.

References

medium severity

Access of Resource Using Incompatible Type ('Type Confusion')

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.7-28.0.1.ksplice1.el9_4

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can cause a denial of service.

Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an otherName subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program.

Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.7-28.0.1.ksplice1.el9_4 or higher.
This issue was patched in ELSA-2024-12683.

medium severity

Double Free

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.

The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected.

These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0.

The OpenSSL asn1parse command line application is also impacted by this issue.

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

Incomplete Cleanup

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.1.ksplice1.el9_0

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long-lived process periodically decodes certificates or keys, its memory usage will expand without bounds and the process might be terminated by the operating system, causing a denial of service. Also, traversing the empty hash table entries will take increasingly more time. Typically such long-lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in OpenSSL 3.0, thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2).

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-41.0.1.ksplice1.el9_0 or higher.
This issue was patched in ELSA-2022-9751.

medium severity

NULL Pointer Dereference

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. If the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available, the digest initialization will fail. There is a missing check for the return value from the initialization function, which later leads to invalid usage of the digest API, most likely leading to a crash.

The unavailability of an algorithm can be caused by using a FIPS-enabled configuration of providers or, more commonly, by not loading the legacy provider.

PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions; however, third-party applications would be affected if they call these functions to verify signatures on untrusted data.

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

NULL Pointer Dereference

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.

The result of the dereference is an application crash, which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call these functions; however, third-party applications might call them on untrusted data.

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

NULL Pointer Dereference

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack.

The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

Use After Free

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications.

The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash.

This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.

Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream.

The OpenSSL cms and smime command line applications are similarly affected.

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

Access of Resource Using Incompatible Type ('Type Confusion')

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.7-28.0.1.ksplice1.el9_4

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can cause a denial of service.

Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an otherName subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program.

Note that basic certificate chain validation (signatures, dates, ...) is not affected; the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.7-28.0.1.ksplice1.el9_4 or higher.
This issue was patched in ELSA-2024-12683.

medium severity

Double Free

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.

The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected.

These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0.

The OpenSSL asn1parse command line application is also impacted by this issue.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

Incomplete Cleanup

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.1.ksplice1.el9_0

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long-lived process periodically decodes certificates or keys, its memory usage will expand without bounds and the process might be terminated by the operating system, causing a denial of service. Also, traversing the empty hash table entries will take increasingly more time. Typically such long-lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in OpenSSL 3.0, thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2).

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-41.0.1.ksplice1.el9_0 or higher.
This issue was patched in ELSA-2022-9751.

medium severity

NULL Pointer Dereference

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. If the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available, the digest initialization will fail. There is a missing check for the return value from the initialization function, which later leads to invalid usage of the digest API, most likely leading to a crash.

The unavailability of an algorithm can be caused by using a FIPS-enabled configuration of providers or, more commonly, by not loading the legacy provider.

PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions; however, third-party applications would be affected if they call these functions to verify signatures on untrusted data.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

NULL Pointer Dereference

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack.

The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

NULL Pointer Dereference

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.

The result of the dereference is an application crash, which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call these functions; however, third-party applications might call them on untrusted data.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

Use After Free

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications.

The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash.

This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.

Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream.

The OpenSSL cms and smime command line applications are similarly affected.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

Access of Resource Using Incompatible Type ('Type Confusion')

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING.

When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

Access of Resource Using Incompatible Type ('Type Confusion')

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING.

When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

OS Command Injection

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.1.ksplice1.el9_0

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When CVE-2022-1292 was fixed, it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-41.0.1.ksplice1.el9_0 or higher.
This issue was patched in ELSA-2022-9751.

medium severity

OS Command Injection

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.1.ksplice1.el9_0

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-41.0.1.ksplice1.el9_0 or higher.
This issue was patched in ELSA-2022-9751.

medium severity

OS Command Injection

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.1.ksplice1.el9_0

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-41.0.1.ksplice1.el9_0 or higher.
This issue was patched in ELSA-2022-9751.

medium severity

OS Command Injection

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.1.ksplice1.el9_0

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When CVE-2022-1292 was fixed, it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-41.0.1.ksplice1.el9_0 or higher.
This issue was patched in ELSA-2022-9751.

medium severity
new

Out-of-bounds Read

  • Vulnerable module: libblkid
  • Introduced through: libblkid@2.37.4-21.0.1.el9
  • Fixed in: 0:2.37.4-21.0.1.el9_7

Detailed paths

  • Introduced through: mysql@latest libblkid@2.37.4-21.0.1.el9

NVD Description

Note: Versions mentioned in the description apply only to the upstream libblkid package and not the libblkid package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Remediation

Upgrade Oracle:9 libblkid to version 0:2.37.4-21.0.1.el9_7 or higher.
This issue was patched in ELSA-2026-1913.

medium severity
new

Out-of-bounds Read

  • Vulnerable module: libmount
  • Introduced through: libmount@2.37.4-21.0.1.el9
  • Fixed in: 0:2.37.4-21.0.1.el9_7

Detailed paths

  • Introduced through: mysql@latest libmount@2.37.4-21.0.1.el9

NVD Description

Note: Versions mentioned in the description apply only to the upstream libmount package and not the libmount package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Remediation

Upgrade Oracle:9 libmount to version 0:2.37.4-21.0.1.el9_7 or higher.
This issue was patched in ELSA-2026-1913.

medium severity
new

Out-of-bounds Read

  • Vulnerable module: libsmartcols
  • Introduced through: libsmartcols@2.37.4-21.0.1.el9
  • Fixed in: 0:2.37.4-21.0.1.el9_7

Detailed paths

  • Introduced through: mysql@latest libsmartcols@2.37.4-21.0.1.el9

NVD Description

Note: Versions mentioned in the description apply only to the upstream libsmartcols package and not the libsmartcols package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Remediation

Upgrade Oracle:9 libsmartcols to version 0:2.37.4-21.0.1.el9_7 or higher.
This issue was patched in ELSA-2026-1913.

medium severity
new

Out-of-bounds Read

  • Vulnerable module: libuuid
  • Introduced through: libuuid@2.37.4-21.0.1.el9
  • Fixed in: 0:2.37.4-21.0.1.el9_7

Detailed paths

  • Introduced through: mysql@latest libuuid@2.37.4-21.0.1.el9

NVD Description

Note: Versions mentioned in the description apply only to the upstream libuuid package and not the libuuid package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Remediation

Upgrade Oracle:9 libuuid to version 0:2.37.4-21.0.1.el9_7 or higher.
This issue was patched in ELSA-2026-1913.

medium severity

Information Exposure

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

Information Exposure

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

Improper Certificate Validation

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.1.ksplice1.el9_0

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of OCSP_basic_verify will not use the OCSP_NOCHECKS flag. In this case the OCSP_basic_verify function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an OCSP response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2).

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-41.0.1.ksplice1.el9_0 or higher.
This issue was patched in ELSA-2022-9751.

medium severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.1.ksplice1.el9_0

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Remediation

Upgrade Oracle:9 openssl to version 2:3.0.1-41.0.1.ksplice1.el9_0 or higher.
This issue was patched in ELSA-2022-9751.

medium severity

Improper Certificate Validation

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.1.ksplice1.el9_0

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of OCSP_basic_verify will not use the OCSP_NOCHECKS flag. In this case the OCSP_basic_verify function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an OCSP response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2).

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-41.0.1.ksplice1.el9_0 or higher.
This issue was patched in ELSA-2022-9751.

medium severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-41.0.1.ksplice1.el9_0

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-41.0.1.ksplice1.el9_0 or higher.
This issue was patched in ELSA-2022-9751.

medium severity

Out-of-bounds Read

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.0.1-47.0.1.ksplice1.el9_1

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.

The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory.

In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.0.1-47.0.1.ksplice1.el9_1 or higher.
This issue was patched in ELSA-2023-12152.

medium severity

CVE-2025-9230

  • Vulnerable module: openssl
  • Introduced through: openssl@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-4.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.

Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.

Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

Remediation

Upgrade Oracle:9 openssl to version 2:3.5.1-4.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2025-28020.

medium severity

CVE-2025-9230

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:3.5.1-7.0.1.el9_7
  • Fixed in: 2:3.5.1-4.0.1.ksplice1.el9_7

Detailed paths

  • Introduced through: mysql@latest openssl-libs@1:3.5.1-7.0.1.el9_7

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.

Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.

Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

Remediation

Upgrade Oracle:9 openssl-libs to version 2:3.5.1-4.0.1.ksplice1.el9_7 or higher.
This issue was patched in ELSA-2025-28020.
