CVE-2025-9232: Out-of-bounds Read in OpenSSL

CWE-125: Out-of-bounds Read (15 documents, 9 sources)

Severity
5.9 MEDIUM (NVD)
7.5 (OSV)
7.4 (OSV)

EPSS
0.0% (top 89.55%)

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: Sep 30, 2025
Latest update: Mar 12, 2026

Description

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate M
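The trigger condition above is a host-matching step: the client has to decide whether the server named in the URL appears in the no_proxy list, and an IPv6 literal arrives wrapped in brackets ("[2001:db8::1]"), so the comparison has to strip the brackets and keep its length arithmetic honest. The following is an added example, written for this page and not OpenSSL's own code, of a no_proxy matcher that handles bracketed IPv6 hosts without reading past either string. The list semantics it assumes (entries separated by commas or spaces, exact match after bracket stripping, a leading "." entry matching as a suffix) and the environment fallback in choose_proxy() are this example's assumptions, not a description of OpenSSL's behaviour or of the defect. The sample no_proxy list and host names are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example (not OpenSSL code). Decides whether an HTTP proxy applies to
 * a server host while honouring a no_proxy list, with explicit bounds handling
 * for bracketed IPv6 literals such as "[2001:db8::1]".
 */

/* View (s, n) without one pair of enclosing brackets. Never modifies the
 * input and never produces a negative or wrapped length. */
static void strip_brackets(const char *s, size_t n, const char **out, size_t *out_n)
{
    if (n >= 2 && s[0] == '[' && s[n - 1] == ']') {
        *out = s + 1;
        *out_n = n - 2;
    } else {
        *out = s;
        *out_n = n;
    }
}

/* Compare one no_proxy entry (e, en) with a host (h, hn) that has already had
 * its brackets removed. Lengths are checked before any byte is read. */
static bool entry_matches(const char *e, size_t en, const char *h, size_t hn)
{
    const char *es;
    size_t esn;

    strip_brackets(e, en, &es, &esn);
    if (esn == 0)
        return false;

    /* Exact match: only compare when the lengths agree. */
    if (esn == hn && memcmp(es, h, hn) == 0)
        return true;

    /* Assumed suffix rule: ".example" matches "host.example". */
    if (es[0] == '.' && esn <= hn && memcmp(h + (hn - esn), es, esn) == 0)
        return true;

    return false;
}

/* Returns true when no_proxy names the host, i.e. the proxy must NOT be used. */
bool no_proxy_matches(const char *no_proxy, const char *host)
{
    const char *h;
    size_t hn;
    const char *p = no_proxy;

    if (no_proxy == NULL || host == NULL)
        return false;

    strip_brackets(host, strlen(host), &h, &hn);
    if (hn == 0)
        return false;

    /* Walk the list one delimiter-bounded entry at a time; every byte read
     * lies inside the NUL-terminated no_proxy string. */
    while (*p != '\0') {
        const char *start;
        size_t len;

        while (*p == ',' || *p == ' ')
            p++;
        start = p;
        while (*p != '\0' && *p != ',' && *p != ' ')
            p++;
        len = (size_t)(p - start);
        if (len > 0 && entry_matches(start, len, h, hn))
            return true;
    }
    return false;
}

/* Proxy selection with the same argument shape as a proxy-adaptation call:
 * returns the proxy to use, or NULL when the host must be reached directly.
 * NULL proxy/no_proxy fall back to the environment (this example's choice). */
const char *choose_proxy(const char *proxy, const char *no_proxy,
                         const char *server, int use_ssl)
{
    if (proxy == NULL)
        proxy = getenv(use_ssl ? "https_proxy" : "http_proxy");
    if (no_proxy == NULL)
        no_proxy = getenv("no_proxy");
    if (proxy == NULL || *proxy == '\0' || no_proxy_matches(no_proxy, server))
        return NULL;
    return proxy;
}

int main(void)
{
    /* Constructed inputs: a no_proxy list and hosts taken from OCSP/CMP-style URLs. */
    const char *list = "localhost,[::1], .internal.example,2001:db8::1";
    const char *hosts[] = { "[::1]", "[2001:db8::1]", "[2001:db8::2]",
                            "ocsp.internal.example", "[]", "" };
    size_t i;

    for (i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
        printf("%-24s -> %s\n", hosts[i],
               choose_proxy("http://proxy:3128", list, hosts[i], 0) ? "proxy" : "direct");
    return 0;
}
```

The two invariants worth carrying into any port of this logic are that bracket stripping is done on a (pointer, length) view so it can never underflow, and that an entry is compared against the host only after its length has been checked, so no comparison ever walks past the end of either string. Degenerate inputs such as "[]" or an empty host simply fail to match.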

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (16 packages)

Debian      debian/openssl     < 3.0.17-1~deb12u3 (bookworm)
CVEListV5   openssl/openssl    >= 3.5.0, < 3.5.4 (+4 more ranges)
Alpine      openssl/openssl    < 3.0.19-r0 (+5 more)
Debian      openssl/openssl    < 3.0.17-1~deb12u3 (+2 more)
Ubuntu      openssl/openssl    < 3.0.2-0ubuntu1.20 (+5 more)

Vulnerability Details (6)

2025-11-28  OSV  edk2 regression
2025-11-26  OSV  edk2 vulnerabilities
2025-09-30  OSV  CVE-2025-9232: Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is…
2025-09-30  OSV  openssl, openssl1.0 vulnerabilities
2025-09-30  OSV  CVE-2025-9232: Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is…

Vendor Advisories (8)

2026-03-12  CISA ICS  Siemens SIDIS Prime
2025-11-28  Ubuntu    EDK II regression
2025-11-26  Ubuntu    EDK II vulnerabilities
2025-09-30  BSD       FreeBSD-SA-25:08.openssl: Multiple vulnerabilities in OpenSSL
2025-09-30  Red Hat   openssl: Out-of-bounds read in HTTP client no_proxy handling
CVE-2025-9232 — Out-of-bounds Read in OpenSSL | cvebase