| Package | openssl |
|---|---|
| Version | 1.1.0l-1~deb9u12 (stretch), 1.1.1n-0+deb10u9 (buster) |
| Related CVEs | CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 |
Aisle Research found multiple vulnerabilites in OpenSSL, a Secure Socket Layer toolkit providing the SSL and TLS cryptographic protocols for secure communication over the Internet.
CVE-2025-68160
Petr Simecek (Aisle Research) and Stanislav Fort (Aisle Research) found
writing large, newline-free data into a BIO chain using the line-buffering
filter where the next BIO performs short writes can trigger a heap-based
out-of-bounds write. This out-of-bounds write can cause memory corruption
which typically results in a crash, leading to Denial of Service for an
application.
CVE-2025-69418
Stanislav Fort (Aisle Research) found using the low-level OCB API directly
with AES-NI or other hardware-accelerated code paths, inputs whose length
is not a multiple of 16 bytes can leave the final partial block unencrypted
and unauthenticated. The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.
CVE-2025-69419
Stanislav Fort (Aisle Research) found a maliciously crafted PKCS#12 file
with a BMPString (UTF-16BE) can lead to out-of-bounds write causing a
memory corruption which can have various consequences including a Denial of
Service.
CVE-2025-69420
Luigino Camastra (Aisle Research) found a type confusion vulnerability
exists in the TimeStamp Response verification code, leading to an invalid
or NULL pointer dereference when processing a malformed TimeStamp Response
file. The result is a possible Denial of Service.
CVE-2025-69421
Luigino Camastra (Aisle Research) found out processing a malformed PKCS#12
file can trigger a NULL pointer dereference in the
PKCS12_item_decrypt_d2i_ex() function that can trigger a crash which leads
to Denial of Service for an application processing PKCS#12 files.
CVE-2026-22795
Luigino Camastra (Aisle Research) found that an application processing a
malformed PKCS#12 file can be caused to dereference an invalid or NULL
pointer on memory read, resulting in a Denial of Service.
CVE-2026-22796
Luigino Camastra (Aisle Research) found that an application performing
signature verification of PKCS#7 data or calling directly the
PKCS7_digest_from_attributes() function can be caused to dereference an
invalid or NULL pointer when reading, resulting in a Denial of Service.
More details are available in: https://openssl-library.org/news/secadv/20260127.txt
For Debian 10 buster, these problems have been fixed in version 1.1.1n-0+deb10u9.
For Debian 9 stretch, these problems have been fixed in version 1.1.0l-1~deb9u12.
We recommend that you upgrade your openssl packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.