Debian OpenSSL vulnerabilities

277 known vulnerabilities affecting debian/openssl.

Total CVEs: 277
CISA KEV: 1 (actively exploited)
Public exploits: 27
Exploited in wild: 2
Severity breakdown: CRITICAL 12, HIGH 70, MEDIUM 109, LOW 84, UNKNOWN 2

Vulnerabilities

Page 2 of 14
CVE-2025-9231 | LOW | CVSS 6.5 | fixed in openssl 3.5.4-1 (forky) | 2025
[MEDIUM] openssl - Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker. While remote key recovery over a network was not a
CVE-2025-4575 | LOW | CVSS 6.5 | fixed in openssl 3.5.0-2 (forky) | 2025
[MEDIUM] openssl - Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste error during minor refactoring of the code introduced this issue in th
CVE-2025-66199 | LOW | CVSS 5.9 | fixed in openssl 3.5.5-1 (forky) | 2025
[MEDIUM] openssl - Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resour
CVE-2025-27587 | LOW | CVSS 5.3 | fixed in openssl 3.5.0-1 (forky) | 2025
[MEDIUM] openssl - OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized
CVE-2025-11187 | LOW | CVSS 6.1 | fixed in openssl 3.5.5-1 (forky) | 2025
[MEDIUM] openssl - Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. Th
CVE-2024-5535 | CRITICAL | CVSS 9.1 | fixed in openssl 3.0.15-1~deb12u1 (bookworm) | 2024
[CRITICAL] openssl - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or a crash. In particular this issue could result in up to 255 bytes
CVE-2024-6119 | HIGH | CVSS 7.5 | fixed in openssl 3.0.14-1~deb12u2 (bookworm) | 2024
[HIGH] openssl - Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of service. Applications performing certificate name checks (e.g., TLS cli
CVE-2024-4741 | HIGH | CVSS 7.5 | Exploited | fixed in openssl 3.0.14-1~deb12u1 (bookworm) | 2024
[HIGH] openssl - Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers functio
CVE-2024-2511 | MEDIUM | CVSS 5.9 | fixed in openssl 3.0.14-1~deb12u1 (bookworm) | 2024
[MEDIUM] openssl - Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not
CVE-2024-13176 | MEDIUM | CVSS 4.1 | fixed in edk2 2025.02-9 (forky) | 2024
[MEDIUM] edk2 - Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast n
CVE-2024-4603 | MEDIUM | CVSS 5.3 | fixed in openssl 3.0.14-1~deb12u1 (bookworm) | 2024
[MEDIUM] openssl - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to
CVE-2024-9143 | MEDIUM | CVSS 4.3 | fixed in openssl 3.0.15-1~deb12u1 (bookworm) | 2024
[MEDIUM] openssl - Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that
CVE-2024-0727 | MEDIUM | CVSS 5.5 | fixed in openssl 3.0.13-1~deb12u1 (bookworm) | 2024
[MEDIUM] openssl - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specificati
CVE-2024-12797 | LOW | CVSS 6.3 | fixed in openssl 3.4.1-1 (forky) | 2024
[MEDIUM] openssl - Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authenticat
CVE-2023-0216 | HIGH | CVSS 7.5 | fixed in openssl 3.0.8-1 (bookworm) | 2023
[HIGH] openssl - An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applicat
CVE-2023-0215 | HIGH | CVSS 7.5 | fixed in openssl 3.0.8-1 (bookworm) | 2023
[HIGH] openssl - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form
CVE-2023-5363 | HIGH | CVSS 7.5 | fixed in openssl 3.0.11-1~deb12u2 (bookworm) | 2023
[HIGH] openssl - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_Encryp
CVE-2023-0217 | HIGH | CVSS 7.5 | fixed in openssl 3.0.8-1 (bookworm) | 2023
[HIGH] openssl - An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implement
CVE-2023-0464 | HIGH | CVSS 7.5 | fixed in openssl 3.0.9-1 (bookworm) | 2023
[HIGH] openssl - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on
CVE-2023-0286 | HIGH | CVSS 7.4 | fixed in openssl 3.0.8-1 (bookworm) | 2023
[HIGH] openssl - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE