CVE-2025-66199 — Memory Allocation with Excessive Size Value in Openssl

CWE-789 — Memory Allocation with Excessive Size Value CWE-770 — Allocation of Resources Without Limits or Throttling19 documents10 sources

Severity

5.9MEDIUMNVD

OSV6.1

EPSS

0.1%

top 79.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl

Timeline

PublishedJan 27

Latest updateApr 10

Description

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service). In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCe…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5openssl/openssl3.6.0 — 3.6.1+3

▶NVDopenssl/openssl3.3.0 — 3.3.6+3

▶Alpineopenssl/openssl< 3.3.6-r0+3

▶Debianopenssl/openssl< 3.5.4-1~deb13u2+1

▶Ubuntuopenssl/openssl< 3.0.2-0ubuntu1.21+6

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

openssl, openssl1.0 vulnerabilities↗2026-01-27

▶

OSV

CVE-2025-66199: Issue summary: A TLS 1↗2026-01-27

▶

OSV

openssl vulnerabilities↗2026-01-27

▶

CVEList

TLS 1.3 CompressedCertificate excessive memory allocation↗2026-01-27

▶

OSV

CVE-2025-66199: Issue summary: A TLS 1↗2026-01-27

▶

📋Vendor Advisories

Red Hat

openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression↗2026-01-27

▶

Ubuntu

OpenSSL vulnerabilities↗2026-01-27

▶

BSD

FreeBSD-SA-26:01.openssl: Multiple vulnerabilities in OpenSSL↗2026-01-27

▶

Ubuntu

OpenSSL vulnerabilities↗2026-01-27

▶

Debian

CVE-2025-66199: openssl - Issue summary: A TLS 1.3 connection using certificate compression can be forced ...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-66199 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2025-66199 sslscan: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression [epel-10]↗2026-04-10

▶

Bugzilla

CVE-2025-66199 openssl3: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression [epel-8]↗2026-04-10

▶

Bugzilla

CVE-2025-66199 edk2: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression [fedora-43]↗2026-04-10

▶

Bugzilla

CVE-2025-66199 sslscan: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression [epel-9]↗2026-04-10

▶

Bugzilla

CVE-2025-66199 sslscan: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression [fedora-all]↗2026-04-10

▶