Debian OpenSSL vulnerabilities

CVE-2026-31790 [HIGH] CVE-2026-31790: openssl - Issue summary: Applications using RSASVE key encapsulation to establish a secret... Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt()

CVE-2026-28390 [HIGH] CVE-2026-28390: openssl - Issue summary: During processing of a crafted CMS EnvelopedData message with Key... Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRe

CVE-2026-28389 [HIGH] CVE-2026-28389: openssl - Issue summary: During processing of a crafted CMS EnvelopedData message with Key... Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientI

CVE-2026-28388 [HIGH] CVE-2026-28388: openssl - Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is... Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 c

CVE-2026-22796 [MEDIUM] CVE-2026-22796: openssl - Issue summary: A type confusion vulnerability exists in the signature verificati... Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling direc

CVE-2026-22795 [MEDIUM] CVE-2026-22795: openssl - Issue summary: An invalid or NULL pointer dereference can happen in an applicati... Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an AS

CVE-2026-2673 [HIGH] CVE-2026-2673: openssl - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected pref... Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the

CVE-2026-28386 [CRITICAL] CVE-2026-28386: openssl - Issue summary: Applications using AES-CFB128 encryption or decryption on systems... Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary

CVE-2026-28387 CVE-2026-28387: openssl - Issue summary: An uncommon configuration of clients performing DANE TLSA-based s... Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary cod

CVE-2026-31789 CVE-2026-31789: openssl - Issue summary: Converting an excessively large OCTET STRING value to a hexadecim... Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING v

CVE-2025-69421 [HIGH] CVE-2025-69421: openssl - Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer de... Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL

CVE-2025-9230 [HIGH] CVE-2025-9230: openssl - Issue summary: An application trying to decrypt CMS messages encrypted using pas... Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial

CVE-2025-15467 [HIGH] CVE-2025-15467: openssl - Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with malic... Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV

CVE-2025-69420 [HIGH] CVE-2025-69420: openssl - Issue summary: A type confusion vulnerability exists in the TimeStamp Response v... Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp

CVE-2025-69419 [HIGH] CVE-2025-69419: openssl - Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously craft... Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.

CVE-2025-69418 [MEDIUM] CVE-2025-69418: openssl - Issue summary: When using the low-level OCB API directly with AES-NI or<br>other... Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed incleartext on encryption and are not covered by the authentication tag,a

CVE-2025-9232 [MEDIUM] CVE-2025-9232: openssl - Issue summary: An application using the OpenSSL HTTP client API functions may tr... Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP cl

CVE-2025-68160 [MEDIUM] CVE-2025-68160: openssl - Issue summary: Writing large, newline-free data into a BIO chain using the line-... Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filte

CVE-2025-15469 [MEDIUM] CVE-2025-15469: openssl - Issue summary: The 'openssl dgst' command-line tool silently truncates input dat... Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data bey

CVE-2025-15468 [MEDIUM] CVE-2025-15468: openssl - Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC ... Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello