CVE-2025-69420 — Improper Check for Unusual or Exceptional Conditions in OpenSSL
Severity
7.5 HIGH (NVD)
6.1 (OSV)
EPSS
0.3% (top 46.39%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 27
Description
Issue summary: A type confusion vulnerability exists in the TimeStamp Response
verification code where an ASN1_TYPE union member is accessed without first
validating the type, causing an invalid or NULL pointer dereference when
processing a malformed TimeStamp Response file.
Impact summary: An application calling TS_RESP_verify_response() with a
malformed TimeStamp Response can be caused to dereference an invalid or
NULL pointer when reading, resulting in a Denial of Service.
The functions oss…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 5 packages
Vulnerability Details (6)
GHSA, 2026-01-27
GHSA-w42r-ph9f-9x66: Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without f...
OSV, 2026-01-27
CVE-2025-69420: Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without f...
OSV, 2026-01-27
CVE-2025-69420: Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without f...
Vendor Advisories (5)
Debian, 2025
CVE-2025-69420: openssl - Issue summary: A type confusion vulnerability exists in the TimeStamp Response v...