| VID |
210300 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The version of OpenSSL installed on the remote host is prior to 3.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.6.1 advisory.
- Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.
Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue. Fixed in OpenSSL 3.6.1 (Affected since 3.6.0). (CVE-2025-15468)
- Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.
Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. Fixed in OpenSSL 3.6.1 (Affected since 3.6.0). (CVE-2025-69421)
* References:
https://openssl-library.org/news/secadv/20260127.txt
https://www.cve.org/CVERecord?id=CVE-2025-11187
https://www.cve.org/CVERecord?id=CVE-2025-15467
https://www.cve.org/CVERecord?id=CVE-2025-15468
https://www.cve.org/CVERecord?id=CVE-2025-15469
https://www.cve.org/CVERecord?id=CVE-2025-66199
https://www.cve.org/CVERecord?id=CVE-2025-68160
https://www.cve.org/CVERecord?id=CVE-2025-69418
https://www.cve.org/CVERecord?id=CVE-2025-69419
https://www.cve.org/CVERecord?id=CVE-2025-69420
https://www.cve.org/CVERecord?id=CVE-2025-69421
https://www.cve.org/CVERecord?id=CVE-2026-22795
https://www.cve.org/CVERecord?id=CVE-2026-22796
* Platforms Affected:
OpenSSL 3.6.x before 3.6.1
Linux Any version
Unix Any version
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of OpenSSL (3.6.1 or later), available from the OpenSSL Web site at http://www.openssl.org/ |
| Related URL |
CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-15469,CVE-2025-66199,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
